Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.0

Type nuget

Namespace

Name Microsoft.AspNetCore.App.Runtime.win-x86

Version 5.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-5n75-cxug-2uaj

vulnerability_id VCID-5n75-cxug-2uaj

summary

Denial Of Service
This advisory has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21986.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21986.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21986

reference_id

reference_type

scores

value	0.01714
scoring_system	epss
scoring_elements	0.82393
published_at	2026-04-18T12:55:00Z

value	0.01714
scoring_system	epss
scoring_elements	0.82392
published_at	2026-04-16T12:55:00Z

value	0.01714
scoring_system	epss
scoring_elements	0.82358
published_at	2026-04-13T12:55:00Z

value	0.01714
scoring_system	epss
scoring_elements	0.82364
published_at	2026-04-12T12:55:00Z

value	0.01714
scoring_system	epss
scoring_elements	0.82304
published_at	2026-04-02T12:55:00Z

value	0.01714
scoring_system	epss
scoring_elements	0.82322
published_at	2026-04-04T12:55:00Z

value	0.01714
scoring_system	epss
scoring_elements	0.82371
published_at	2026-04-11T12:55:00Z

value	0.01714
scoring_system	epss
scoring_elements	0.82351
published_at	2026-04-09T12:55:00Z

value	0.01714
scoring_system	epss
scoring_elements	0.82317
published_at	2026-04-07T12:55:00Z

value	0.01714
scoring_system	epss
scoring_elements	0.82344
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21986

reference_url

https://github.com/dotnet/announcements/issues/207

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/207

reference_url

https://github.com/dotnet/aspnetcore

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-x459-p2rx-f8ff

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-x459-p2rx-f8ff

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT/

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2051490
reference_id	2051490
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2051490

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-21986

reference_id

CVE-2022-21986

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21986

reference_url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21986

reference_id

CVE-2022-21986

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21986

reference_url

https://github.com/advisories/GHSA-x459-p2rx-f8ff

reference_id

GHSA-x459-p2rx-f8ff

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x459-p2rx-f8ff

reference_url	https://access.redhat.com/errata/RHSA-2022:0495
reference_id	RHSA-2022:0495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0495

reference_url	https://access.redhat.com/errata/RHSA-2022:0496
reference_id	RHSA-2022:0496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0496

reference_url	https://access.redhat.com/errata/RHSA-2022:0499
reference_id	RHSA-2022:0499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0499

reference_url	https://access.redhat.com/errata/RHSA-2022:0500
reference_id	RHSA-2022:0500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0500

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.14
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.14

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.2
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.2

aliases CVE-2022-21986, GHSA-x459-p2rx-f8ff

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5n75-cxug-2uaj

url VCID-7j9q-dfj7-jbgt

vulnerability_id VCID-7j9q-dfj7-jbgt

summary

.NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET 6.0, .NET 5.0 and .NET core 3.1 where a malicious client can can cause a denial of service when HTML forms are parsed.

### Affected software

* Any .NET 6.0 application running on .NET 6.0.4 or earlier.
* Any .NET 5.0 application running .NET 5.0.16 or earlier.
* Any .NET Core 3.1 application running on .NET Core 3.1.24 or earlier.

#### Affected packages

**.NET Core 3.1**

| Package name                                  | Affected version | Patched version |
|---------------------------------------------------|---------------------|---------------|
| Microsoft.AspNetCore.App.Runtime.win-x64          | >=3.0.0,3.1.24      | 3.1.25        |
| Microsoft.AspNetCore.App.Runtime.linux-x64        | >=3.0.0,3.1.24      | 3.1.25        |
| Microsoft.AspNetCore.App.Runtime.win-x86          | >=3.0.0,3.1.24      | 3.1.25        |
| Microsoft.AspNetCore.App.Runtime.osx-x64          | >=3.0.0,3.1.24      | 3.1.25        |
| Microsoft.AspNetCore.App.Runtime.linux-musl-x64   | >=3.0.0,3.1.24      | 3.1.25        |
| Microsoft.AspNetCore.App.Runtime.linux-arm64      | >=3.0.0,3.1.24      | 3.1.25        |
| Microsoft.AspNetCore.App.Runtime.linux-arm        | >=3.0.0,3.1.24      | 3.1.25        |
| Microsoft.AspNetCore.App.Runtime.win-arm64        | >=3.0.0,3.1.24      | 3.1.25        |
| Microsoft.AspNetCore.App.Runtime.win-arm          | >=3.0.0,3.1.24      | 3.1.25        |
| Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >=3.0.0,3.1.24      | 3.1.25        |
| Microsoft.AspNetCore.App.Runtime.linux-musl-arm   | >=3.0.0,3.1.24      | 3.1.25        |

**.NET 5.0**

| Package name                                  | Affected version | Patched version |
|---------------------------------------------------|---------------------|---------------|
| Microsoft.AspNetCore.App.Runtime.win-x64          | >=5.0.0,5.0.16      | 5.0.17        |
| Microsoft.AspNetCore.App.Runtime.linux-x64        | >=5.0.0,5.0.16      | 5.0.17        |
| Microsoft.AspNetCore.App.Runtime.win-x86          | >=5.0.0,5.0.16      | 5.0.17        |
| Microsoft.AspNetCore.App.Runtime.osx-x64          | >=5.0.0,5.0.16      | 5.0.17        |
| Microsoft.AspNetCore.App.Runtime.linux-musl-x64   | >=5.0.0,5.0.16      | 5.0.17        |
| Microsoft.AspNetCore.App.Runtime.linux-arm64      | >=5.0.0,5.0.16      | 5.0.17        |
| Microsoft.AspNetCore.App.Runtime.linux-arm        | >=5.0.0,5.0.16      | 5.0.17        |
| Microsoft.AspNetCore.App.Runtime.win-arm64        | >=5.0.0,5.0.16      | 5.0.17        |
| Microsoft.AspNetCore.App.Runtime.win-arm          | >=5.0.0,5.0.16      | 5.0.17        |
| Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >=5.0.0,5.0.16      | 5.0.17        |
| Microsoft.AspNetCore.App.Runtime.linux-musl-arm   | >=5.0.0,5.0.16      | 5.0.17        |

**.NET 6.0**

| Package name                                  | Affected version | Patched version |
|---------------------------------------------------|---------------------|---------------|
| Microsoft.AspNetCore.App.Runtime.win-x64          | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.linux-x64        | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.win-x86          | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.osx-x64          | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.linux-musl-x64   | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.linux-arm64      | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.linux-arm        | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.win-arm64        | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.win-arm          | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.osx-arm64        | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >=6.0.0,6.0.4       | 6.0.5         |
| Microsoft.AspNetCore.App.Runtime.linux-musl-arm   | >=6.0.0,6.0.4       | 6.0.5         |


### Patches
* If you're using .NET Core 6.0, you should download and install Runtime 6.0.5 or SDK 6.0.105 (for Visual Studio 2022 v17.0) or SDK 6.0.203 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.

* If you're using .NET 5.0, you should download and install Runtime 5.0.17 or SDK 5.0.214 (for Visual Studio 2019 v16.9) or SDK 5.0.408 (for Visual Studio 2011 v16.11) from https://dotnet.microsoft.com/download/dotnet-core/5.0.

* If you're using .NET Core 3.1, you should download and install Runtime 3.1.25 or SDK 3.1.419 (for Visual Studio 2019 v16.9 or Visual Studio 2011 16.11 or Visual Studio 2022 17.0 or Visual Studio 2022 17.1 ) from https://dotnet.microsoft.com/download/dotnet-core/3.1.

.NET 6.0, .NET 5.0 and .NET Core 3.1 updates are also available from Microsoft Update. To access this either type "Check for updates" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.

### Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/222
An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/41609
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29145

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29145.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29145.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29145

reference_id

reference_type

scores

value	0.06204
scoring_system	epss
scoring_elements	0.90893
published_at	2026-04-18T12:55:00Z

value	0.06204
scoring_system	epss
scoring_elements	0.90896
published_at	2026-04-16T12:55:00Z

value	0.06204
scoring_system	epss
scoring_elements	0.90871
published_at	2026-04-13T12:55:00Z

value	0.06204
scoring_system	epss
scoring_elements	0.90873
published_at	2026-04-12T12:55:00Z

value	0.06204
scoring_system	epss
scoring_elements	0.90864
published_at	2026-04-09T12:55:00Z

value	0.06204
scoring_system	epss
scoring_elements	0.90858
published_at	2026-04-08T12:55:00Z

value	0.06204
scoring_system	epss
scoring_elements	0.90836
published_at	2026-04-04T12:55:00Z

value	0.06204
scoring_system	epss
scoring_elements	0.90826
published_at	2026-04-02T12:55:00Z

value	0.06204
scoring_system	epss
scoring_elements	0.90847
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29145

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-fcg8-mg9g-6hc4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-fcg8-mg9g-6hc4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29145

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29145

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29145

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29145

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2083649
reference_id	2083649
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2083649

reference_url

https://github.com/advisories/GHSA-fcg8-mg9g-6hc4

reference_id

GHSA-fcg8-mg9g-6hc4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fcg8-mg9g-6hc4

reference_url	https://access.redhat.com/errata/RHSA-2022:2194
reference_id	RHSA-2022:2194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2194

reference_url	https://access.redhat.com/errata/RHSA-2022:2195
reference_id	RHSA-2022:2195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2195

reference_url	https://access.redhat.com/errata/RHSA-2022:2196
reference_id	RHSA-2022:2196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2196

reference_url	https://access.redhat.com/errata/RHSA-2022:2199
reference_id	RHSA-2022:2199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2199

reference_url	https://access.redhat.com/errata/RHSA-2022:2200
reference_id	RHSA-2022:2200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2200

reference_url	https://access.redhat.com/errata/RHSA-2022:2202
reference_id	RHSA-2022:2202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2202

reference_url	https://access.redhat.com/errata/RHSA-2022:4588
reference_id	RHSA-2022:4588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4588

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.17
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.17

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.5
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.5

aliases CVE-2022-29145, GHSA-fcg8-mg9g-6hc4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7j9q-dfj7-jbgt

url VCID-ew2m-qrrh-dkbf

vulnerability_id VCID-ew2m-qrrh-dkbf

summary This advisory has been marked as False-Positive and removed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24464.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24464.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24464

reference_id

reference_type

scores

value	0.02377
scoring_system	epss
scoring_elements	0.85006
published_at	2026-04-18T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.85005
published_at	2026-04-16T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84984
published_at	2026-04-13T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.8499
published_at	2026-04-11T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84944
published_at	2026-04-07T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.8494
published_at	2026-04-04T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84922
published_at	2026-04-02T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84988
published_at	2026-04-12T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84974
published_at	2026-04-09T12:55:00Z

value	0.02377
scoring_system	epss
scoring_elements	0.84967
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24464

reference_url

https://github.com/dotnet/announcements/issues/212

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/212

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2061847
reference_id	2061847
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2061847

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24464

reference_id

CVE-2022-24464

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24464

reference_url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464

reference_id

CVE-2022-24464

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464

reference_url

https://github.com/advisories/GHSA-cw98-9j8w-wxv9

reference_id

GHSA-cw98-9j8w-wxv9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cw98-9j8w-wxv9

reference_url	https://access.redhat.com/errata/RHSA-2022:0826
reference_id	RHSA-2022:0826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0826

reference_url	https://access.redhat.com/errata/RHSA-2022:0827
reference_id	RHSA-2022:0827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0827

reference_url	https://access.redhat.com/errata/RHSA-2022:0828
reference_id	RHSA-2022:0828
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0828

reference_url	https://access.redhat.com/errata/RHSA-2022:0829
reference_id	RHSA-2022:0829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0829

reference_url	https://access.redhat.com/errata/RHSA-2022:0830
reference_id	RHSA-2022:0830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0830

reference_url	https://access.redhat.com/errata/RHSA-2022:0832
reference_id	RHSA-2022:0832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0832

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.15
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.15
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.15

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.3
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.3

aliases CVE-2022-24464, GHSA-cw98-9j8w-wxv9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ew2m-qrrh-dkbf

url VCID-m6bh-57h2-73a3

vulnerability_id VCID-m6bh-57h2-73a3

summary This advisory has been marked as False-Positive and removed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29117.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29117.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29117

reference_id

reference_type

scores

value	0.02187
scoring_system	epss
scoring_elements	0.84397
published_at	2026-04-18T12:55:00Z

value	0.02187
scoring_system	epss
scoring_elements	0.84375
published_at	2026-04-13T12:55:00Z

value	0.02187
scoring_system	epss
scoring_elements	0.84379
published_at	2026-04-12T12:55:00Z

value	0.02187
scoring_system	epss
scoring_elements	0.84386
published_at	2026-04-11T12:55:00Z

value	0.02187
scoring_system	epss
scoring_elements	0.84368
published_at	2026-04-09T12:55:00Z

value	0.02187
scoring_system	epss
scoring_elements	0.84341
published_at	2026-04-07T12:55:00Z

value	0.02187
scoring_system	epss
scoring_elements	0.84339
published_at	2026-04-04T12:55:00Z

value	0.02187
scoring_system	epss
scoring_elements	0.84318
published_at	2026-04-02T12:55:00Z

value	0.02187
scoring_system	epss
scoring_elements	0.84363
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29117

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dotnet/aspnetcore

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2083647
reference_id	2083647
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2083647

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29117

reference_id

CVE-2022-29117

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29117

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117
reference_id	CVE-2022-29117
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117

reference_url

https://github.com/advisories/GHSA-3rq8-h3gj-r5c6

reference_id

GHSA-3rq8-h3gj-r5c6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3rq8-h3gj-r5c6

reference_url	https://access.redhat.com/errata/RHSA-2022:2194
reference_id	RHSA-2022:2194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2194

reference_url	https://access.redhat.com/errata/RHSA-2022:2195
reference_id	RHSA-2022:2195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2195

reference_url	https://access.redhat.com/errata/RHSA-2022:2196
reference_id	RHSA-2022:2196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2196

reference_url	https://access.redhat.com/errata/RHSA-2022:2199
reference_id	RHSA-2022:2199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2199

reference_url	https://access.redhat.com/errata/RHSA-2022:2200
reference_id	RHSA-2022:2200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2200

reference_url	https://access.redhat.com/errata/RHSA-2022:2202
reference_id	RHSA-2022:2202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2202

reference_url	https://access.redhat.com/errata/RHSA-2022:4588
reference_id	RHSA-2022:4588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4588

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.17
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.17

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.5
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.5

aliases CVE-2022-29117, GHSA-3rq8-h3gj-r5c6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6bh-57h2-73a3

url VCID-nx74-pj4e-4fde

vulnerability_id VCID-nx74-pj4e-4fde

summary

ASP.NET Core and Visual Studio Denial of Service Vulnerability
A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1723.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1723.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-1723

reference_id

reference_type

scores

value	0.04579
scoring_system	epss
scoring_elements	0.89229
published_at	2026-04-18T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.89169
published_at	2026-04-01T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.89175
published_at	2026-04-02T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.89189
published_at	2026-04-04T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.89192
published_at	2026-04-07T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.8921
published_at	2026-04-08T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.89214
published_at	2026-04-09T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.89224
published_at	2026-04-11T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.8922
published_at	2026-04-12T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.89217
published_at	2026-04-13T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.8923
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-1723

reference_url

https://github.com/dotnet/announcements/issues/170

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/170

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-1723

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-1723

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1914258
reference_id	1914258
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1914258

reference_url	https://security.archlinux.org/ASA-202103-16
reference_id	ASA-202103-16
reference_type
scores
url	https://security.archlinux.org/ASA-202103-16

reference_url	https://security.archlinux.org/ASA-202103-17
reference_id	ASA-202103-17
reference_type
scores
url	https://security.archlinux.org/ASA-202103-17

reference_url

https://security.archlinux.org/AVG-1449

reference_id

AVG-1449

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1449

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723
reference_id	CVE-2021-1723
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723

reference_url

https://github.com/advisories/GHSA-242j-2gm6-5rwx

reference_id

GHSA-242j-2gm6-5rwx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-242j-2gm6-5rwx

reference_url	https://access.redhat.com/errata/RHSA-2021:0094
reference_id	RHSA-2021:0094
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0094

reference_url	https://access.redhat.com/errata/RHSA-2021:0095
reference_id	RHSA-2021:0095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0095

reference_url	https://access.redhat.com/errata/RHSA-2021:0096
reference_id	RHSA-2021:0096
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0096

reference_url	https://access.redhat.com/errata/RHSA-2021:0114
reference_id	RHSA-2021:0114
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0114

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.2
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.2

aliases CVE-2021-1723, GHSA-242j-2gm6-5rwx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nx74-pj4e-4fde

url VCID-r5g1-zwbg-xubc

vulnerability_id VCID-r5g1-zwbg-xubc

summary

.NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists in ASP.NET Core 3.1 and .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding.

## <a name="affected-software"></a>Affected software
* Any .NET 6.0 application running on .NET 6.0.8 or earlier.
* Any ASP.NET Core 3.1 application running on .NET Core 3.1.28 or earlier.
If your application uses the following package versions, ensure you update to the latest version of .NET.
### <a name="ASP.NET Core 3.1"></a>.NET Core 3.1
Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)|>= 3.1.5, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)|>= 3.1.0, < 3.1.29|3.1.29
### <a name=".NET 6"></a>.NET 6
Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)|>= 5.0.1, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)|>= 6.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)|>= 5.0.0, < 6.0.9|6.0.9



### Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/234
An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43953
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38013.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38013.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-38013

reference_id

reference_type

scores

value	0.01128
scoring_system	epss
scoring_elements	0.78307
published_at	2026-04-12T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78303
published_at	2026-04-13T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78325
published_at	2026-04-11T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78254
published_at	2026-04-02T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.7833
published_at	2026-04-18T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78332
published_at	2026-04-16T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78285
published_at	2026-04-04T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78267
published_at	2026-04-07T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78293
published_at	2026-04-08T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78299
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-38013

reference_url

https://github.com/dotnet/aspnetcore

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-38013

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-38013

reference_url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2125124
reference_id	2125124
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2125124

reference_url

https://github.com/advisories/GHSA-r8m2-4x37-6592

reference_id

GHSA-r8m2-4x37-6592

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r8m2-4x37-6592

reference_url	https://access.redhat.com/errata/RHSA-2022:6520
reference_id	RHSA-2022:6520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6520

reference_url	https://access.redhat.com/errata/RHSA-2022:6521
reference_id	RHSA-2022:6521
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6521

reference_url	https://access.redhat.com/errata/RHSA-2022:6522
reference_id	RHSA-2022:6522
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6522

reference_url	https://access.redhat.com/errata/RHSA-2022:6523
reference_id	RHSA-2022:6523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6523

reference_url	https://access.redhat.com/errata/RHSA-2022:6539
reference_id	RHSA-2022:6539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6539

reference_url	https://usn.ubuntu.com/5609-1/
reference_id	USN-5609-1
reference_type
scores
url	https://usn.ubuntu.com/5609-1/

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.9
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.9

aliases CVE-2022-38013, GHSA-r8m2-4x37-6592

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r5g1-zwbg-xubc

url VCID-ujyg-uwtg-vqbt

vulnerability_id VCID-ujyg-uwtg-vqbt

summary

Uncontrolled Resource Consumption
.NET, Visual Studio and PowerShell Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23267.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23267.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23267

reference_id

reference_type

scores

value	0.08193
scoring_system	epss
scoring_elements	0.92213
published_at	2026-04-18T12:55:00Z

value	0.08193
scoring_system	epss
scoring_elements	0.92214
published_at	2026-04-16T12:55:00Z

value	0.08193
scoring_system	epss
scoring_elements	0.92203
published_at	2026-04-13T12:55:00Z

value	0.08193
scoring_system	epss
scoring_elements	0.922
published_at	2026-04-09T12:55:00Z

value	0.08193
scoring_system	epss
scoring_elements	0.92197
published_at	2026-04-08T12:55:00Z

value	0.08193
scoring_system	epss
scoring_elements	0.92186
published_at	2026-04-07T12:55:00Z

value	0.08193
scoring_system	epss
scoring_elements	0.92182
published_at	2026-04-04T12:55:00Z

value	0.08193
scoring_system	epss
scoring_elements	0.92176
published_at	2026-04-02T12:55:00Z

value	0.08193
scoring_system	epss
scoring_elements	0.92206
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23267

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dotnet/announcements/issues/221

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/221

reference_url

https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v

reference_url	https://github.com/PowerShell/Announcements/issues/32
reference_id
reference_type
scores
url	https://github.com/PowerShell/Announcements/issues/32

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2083650
reference_id	2083650
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2083650

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23267

reference_id

CVE-2022-23267

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23267

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267
reference_id	CVE-2022-23267
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267

reference_url

https://github.com/advisories/GHSA-485p-mrj5-8w2v

reference_id

GHSA-485p-mrj5-8w2v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-485p-mrj5-8w2v

reference_url	https://access.redhat.com/errata/RHSA-2022:2194
reference_id	RHSA-2022:2194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2194

reference_url	https://access.redhat.com/errata/RHSA-2022:2195
reference_id	RHSA-2022:2195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2195

reference_url	https://access.redhat.com/errata/RHSA-2022:2196
reference_id	RHSA-2022:2196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2196

reference_url	https://access.redhat.com/errata/RHSA-2022:2199
reference_id	RHSA-2022:2199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2199

reference_url	https://access.redhat.com/errata/RHSA-2022:2200
reference_id	RHSA-2022:2200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2200

reference_url	https://access.redhat.com/errata/RHSA-2022:2202
reference_id	RHSA-2022:2202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2202

reference_url	https://access.redhat.com/errata/RHSA-2022:4588
reference_id	RHSA-2022:4588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4588

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.17
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.17

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.5
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.5

aliases CVE-2022-23267, GHSA-485p-mrj5-8w2v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujyg-uwtg-vqbt

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@5.0.0

Package Instance