High severityNVD Advisory· Published Jan 12, 2021· Updated Oct 8, 2024
ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-1723
Description
ASP.NET Core and Visual Studio Denial of Service Vulnerability
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.AspNetCore.Server.Kestrel.CoreNuGet | < 2.1.25 | 2.1.25 |
Microsoft.AspNetCore.App.Runtime.linux-armNuGet | >= 3.1.0, < 3.1.11 | 3.1.11 |
Microsoft.AspNetCore.App.Runtime.linux-armNuGet | >= 5.0.0, < 5.0.2 | 5.0.2 |
Microsoft.AspNetCore.App.Runtime.linux-arm64NuGet | >= 3.1.0, < 3.1.11 | 3.1.11 |
Microsoft.AspNetCore.App.Runtime.linux-arm64NuGet | >= 5.0.0, < 5.0.2 | 5.0.2 |
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64NuGet | >= 3.1.0, < 3.1.11 | 3.1.11 |
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64NuGet | >= 5.0.0, < 5.0.2 | 5.0.2 |
Microsoft.AspNetCore.App.Runtime.linux-musl-x64NuGet | >= 3.1.0, < 3.1.11 | 3.1.11 |
Microsoft.AspNetCore.App.Runtime.linux-musl-x64NuGet | >= 5.0.0, < 5.0.2 | 5.0.2 |
Microsoft.AspNetCore.App.Runtime.linux-x64NuGet | >= 3.1.0, < 3.1.11 | 3.1.11 |
Microsoft.AspNetCore.App.Runtime.linux-x64NuGet | >= 5.0.0, < 5.0.2 | 5.0.2 |
Microsoft.AspNetCore.App.Runtime.osx-x64NuGet | >= 3.1.0, < 3.1.11 | 3.1.11 |
Microsoft.AspNetCore.App.Runtime.osx-x64NuGet | >= 5.0.0, < 5.0.2 | 5.0.2 |
Microsoft.AspNetCore.App.Runtime.win-armNuGet | >= 3.1.0, < 3.1.11 | 3.1.11 |
Microsoft.AspNetCore.App.Runtime.win-armNuGet | >= 5.0.0, < 5.0.2 | 5.0.2 |
Microsoft.AspNetCore.App.Runtime.win-arm64NuGet | >= 3.1.0, < 3.1.11 | 3.1.11 |
Microsoft.AspNetCore.App.Runtime.win-arm64NuGet | >= 5.0.0, < 5.0.2 | 5.0.2 |
Microsoft.AspNetCore.App.Runtime.win-x64NuGet | >= 3.1.0, < 3.1.11 | 3.1.11 |
Microsoft.AspNetCore.App.Runtime.win-x64NuGet | >= 5.0.0, < 5.0.2 | 5.0.2 |
Microsoft.AspNetCore.App.Runtime.win-x86NuGet | >= 3.1.0, < 3.1.11 | 3.1.11 |
Microsoft.AspNetCore.App.Runtime.win-x86NuGet | >= 5.0.0, < 5.0.2 | 5.0.2 |
Microsoft.AspNetCore.App.Runtime.linux-musl-armNuGet | >= 5.0.1, < 5.0.2 | 5.0.2 |
Affected products
2cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*range: 3.0
- cpe:2.3:a:microsoft:asp.net_core:5.0:*:*:*:*:*:*:*range: 5.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-242j-2gm6-5rwxghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-1723ghsaADVISORY
- github.com/dotnet/announcements/issues/170ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4BghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUWghsaWEB
News mentions
0No linked articles in our index yet.