NuGet package

microsoft.aspnetcore.app.runtime.osx-arm64

pkg:nuget/microsoft.aspnetcore.app.runtime.osx-arm64

Vulnerabilities (14)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-26130	Hig	7.5	>= 8.0.0, < 8.0.25	8.0.25	Mar 10, 2026	Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2025-55315		—	>= 10.0.0-rc.1.25451.107, < 10.0.0-rc.2.25502.107	10.0.0-rc.2.25502.107	Oct 14, 2025	Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVE-2025-24070		—	>= 9.0.0, < 9.0.3	9.0.3	Mar 11, 2025	Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVE-2024-38229		—	>= 9.0.0-preview.1.24081.5, < 9.0.0-rc.2.24474.3	9.0.0-rc.2.24474.3	Oct 8, 2024	.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264		—	>= 8.0.0, < 8.0.7	8.0.7	Jul 9, 2024	.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30046		—	>= 7.0.0, < 7.0.19	7.0.19	May 14, 2024	Visual Studio Denial of Service Vulnerability
CVE-2024-21386		—	< 6.0.27	6.0.27	Feb 13, 2024	.NET Denial of Service Vulnerability
CVE-2023-33170		—	>= 7.0.0, < 7.0.9	7.0.9	Jul 11, 2023	ASP.NET and Visual Studio Security Feature Bypass Vulnerability
CVE-2022-38013		—	>= 5.0.0, < 6.0.9	6.0.9	Sep 13, 2022	.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2022-34716		—	>= 6.0.0, < 6.0.8	6.0.8	Aug 9, 2022	.NET Spoofing Vulnerability
CVE-2022-29117		—	>= 6.0.0, < 6.0.5	6.0.5	May 10, 2022	.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-23267		—	>= 6.0.0, < 6.0.5	6.0.5	May 10, 2022	.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-24464		—	>= 6.0.0, < 6.0.3	6.0.3	Mar 9, 2022	.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-21986		—	>= 6.0.0, < 6.0.2	6.0.2	Feb 9, 2022	.NET Denial of Service Vulnerability

CVE-2026-26130HigMar 10, 2026
affected >= 8.0.0, < 8.0.25fixed 8.0.25
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2025-55315Oct 14, 2025
affected >= 10.0.0-rc.1.25451.107, < 10.0.0-rc.2.25502.107fixed 10.0.0-rc.2.25502.107
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVE-2025-24070Mar 11, 2025
affected >= 9.0.0, < 9.0.3fixed 9.0.3
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVE-2024-38229Oct 8, 2024
affected >= 9.0.0-preview.1.24081.5, < 9.0.0-rc.2.24474.3fixed 9.0.0-rc.2.24474.3
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-35264Jul 9, 2024
affected >= 8.0.0, < 8.0.7fixed 8.0.7
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30046May 14, 2024
affected >= 7.0.0, < 7.0.19fixed 7.0.19
Visual Studio Denial of Service Vulnerability
CVE-2024-21386Feb 13, 2024
affected < 6.0.27fixed 6.0.27
.NET Denial of Service Vulnerability
CVE-2023-33170Jul 11, 2023
affected >= 7.0.0, < 7.0.9fixed 7.0.9
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
CVE-2022-38013Sep 13, 2022
affected >= 5.0.0, < 6.0.9fixed 6.0.9
.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2022-34716Aug 9, 2022
affected >= 6.0.0, < 6.0.8fixed 6.0.8
.NET Spoofing Vulnerability
CVE-2022-29117May 10, 2022
affected >= 6.0.0, < 6.0.5fixed 6.0.5
.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-23267May 10, 2022
affected >= 6.0.0, < 6.0.5fixed 6.0.5
.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-24464Mar 9, 2022
affected >= 6.0.0, < 6.0.3fixed 6.0.3
.NET and Visual Studio Denial of Service Vulnerability
CVE-2022-21986Feb 9, 2022
affected >= 6.0.0, < 6.0.2fixed 6.0.2
.NET Denial of Service Vulnerability