apk package
chainguard/dotnet-bootstrap-8
pkg:apk/chainguard/dotnet-bootstrap-8
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42899 | Hig | 7.5 | < 8.0.127-r0 | 8.0.127-r0 | May 12, 2026 | Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-33116 | Hig | 7.5 | < 8.0.127-r0 | 8.0.127-r0 | Apr 14, 2026 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-32178 | Hig | 7.5 | < 8.0.127-r0 | 8.0.127-r0 | Apr 14, 2026 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. | |
| CVE-2026-26171 | Hig | 7.5 | < 8.0.127-r0 | 8.0.127-r0 | Apr 14, 2026 | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | |
| CVE-2026-26130 | Hig | 7.5 | < 8.0.126-r0 | 8.0.126-r0 | Mar 10, 2026 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | |
| CVE-2025-55248 | — | < 8.0.122-r0 | 8.0.122-r0 | Oct 14, 2025 | Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. | ||
| CVE-2025-55315 | — | < 8.0.122-r0 | 8.0.122-r0 | Oct 14, 2025 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. | ||
| CVE-2025-30399 | — | < 8.0.18-r0 | 8.0.18-r0 | Jun 13, 2025 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-26646 | — | < 8.0.122-r0 | 8.0.122-r0 | May 13, 2025 | External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2024-38095 | — | < 8.0.11-r0 | 8.0.11-r0 | Jul 9, 2024 | .NET and Visual Studio Denial of Service Vulnerability |
- affected < 8.0.127-r0fixed 8.0.127-r0
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
- affected < 8.0.127-r0fixed 8.0.127-r0
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.
- affected < 8.0.127-r0fixed 8.0.127-r0
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
- affected < 8.0.127-r0fixed 8.0.127-r0
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
- affected < 8.0.126-r0fixed 8.0.126-r0
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
- CVE-2025-55248Oct 14, 2025affected < 8.0.122-r0fixed 8.0.122-r0
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
- CVE-2025-55315Oct 14, 2025affected < 8.0.122-r0fixed 8.0.122-r0
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
- CVE-2025-30399Jun 13, 2025affected < 8.0.18-r0fixed 8.0.18-r0
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
- CVE-2025-26646May 13, 2025affected < 8.0.122-r0fixed 8.0.122-r0
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
- CVE-2024-38095Jul 9, 2024affected < 8.0.11-r0fixed 8.0.11-r0
.NET and Visual Studio Denial of Service Vulnerability