Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/Microsoft.AspNetCore.All@2.0.6
Typenuget
Namespace
NameMicrosoft.AspNetCore.All
Version2.0.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.1.30
Latest_non_vulnerable_version2.1.30
Affected_by_vulnerabilities
0
url VCID-ct2x-rftj-tydp
vulnerability_id VCID-ct2x-rftj-tydp
summary 
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core
Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack.

The update addresses the vulnerability by correcting how ASP.NET Core handles such requests.
references
0
reference_url https://github.com/aspnet/Announcements/issues/311
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aspnet/Announcements/issues/311
1
reference_url https://github.com/advisories/GHSA-cgpw-2gph-2r9g
reference_id GHSA-cgpw-2gph-2r9g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-cgpw-2gph-2r9g
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.All@2.0.9
purl pkg:nuget/Microsoft.AspNetCore.All@2.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zdjb-98e7-6bgn
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.9
1
url pkg:nuget/Microsoft.AspNetCore.All@2.1.2
purl pkg:nuget/Microsoft.AspNetCore.All@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gtv-nubh-73a9
1
vulnerability VCID-aqyy-zs6z-v7ar
2
vulnerability VCID-cja1-29th-9qbf
3
vulnerability VCID-j761-wgke-97d8
4
vulnerability VCID-mrdj-nvz7-xyet
5
vulnerability VCID-n3cs-wjun-vfhe
6
vulnerability VCID-pa95-mtgb-yuf2
7
vulnerability VCID-wzeg-jdcg-tfct
8
vulnerability VCID-z54f-eupv-n7be
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.2
aliases GHSA-cgpw-2gph-2r9g, GMS-2018-36, GMS-2018-38, GMS-2018-44
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ct2x-rftj-tydp
1
url VCID-vyrd-u846-8kdu
vulnerability_id VCID-vyrd-u846-8kdu
summary 
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Microsoft made an internal discovery of a security vulnerability in version 2.x of ASP.NET Core where
a specially crafted request can cause excess resource consumption in Kestrel.
references
0
reference_url https://github.com/aspnet/Announcements/issues/300
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aspnet/Announcements/issues/300
1
reference_url https://github.com/advisories/GHSA-3m2r-q8x3-xmf7
reference_id GHSA-3m2r-q8x3-xmf7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3m2r-q8x3-xmf7
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.All@2.0.8
purl pkg:nuget/Microsoft.AspNetCore.All@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ct2x-rftj-tydp
1
vulnerability VCID-zdjb-98e7-6bgn
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.8
aliases GHSA-3m2r-q8x3-xmf7, GMS-2018-37, GMS-2018-39, GMS-2018-40, GMS-2018-43
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vyrd-u846-8kdu
2
url VCID-zdjb-98e7-6bgn
vulnerability_id VCID-zdjb-98e7-6bgn
summary Microsoft Security Advisory CVE-2018-8292: .NET Core Information Disclosure Vulnerability
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2902
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2902
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8292.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8292.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8292
reference_id
reference_type
scores
0
value 0.06775
scoring_system epss
scoring_elements 0.91307
published_at 2026-04-13T12:55:00Z
1
value 0.06775
scoring_system epss
scoring_elements 0.91308
published_at 2026-04-12T12:55:00Z
2
value 0.06775
scoring_system epss
scoring_elements 0.91305
published_at 2026-04-11T12:55:00Z
3
value 0.06775
scoring_system epss
scoring_elements 0.91298
published_at 2026-04-09T12:55:00Z
4
value 0.06775
scoring_system epss
scoring_elements 0.91292
published_at 2026-04-08T12:55:00Z
5
value 0.06775
scoring_system epss
scoring_elements 0.91258
published_at 2026-04-01T12:55:00Z
6
value 0.06775
scoring_system epss
scoring_elements 0.9128
published_at 2026-04-07T12:55:00Z
7
value 0.06775
scoring_system epss
scoring_elements 0.91263
published_at 2026-04-02T12:55:00Z
8
value 0.06775
scoring_system epss
scoring_elements 0.91273
published_at 2026-04-04T12:55:00Z
9
value 0.06775
scoring_system epss
scoring_elements 0.91333
published_at 2026-04-21T12:55:00Z
10
value 0.06775
scoring_system epss
scoring_elements 0.91332
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8292
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/dotnet/announcements/issues/88
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/88
5
reference_url http://www.securityfocus.com/bid/105548
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105548
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1636274
reference_id 1636274
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1636274
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8292
reference_id CVE-2018-8292
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8292
8
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292
reference_id CVE-2018-8292
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292
9
reference_url https://github.com/advisories/GHSA-7jgj-8wvc-jh57
reference_id GHSA-7jgj-8wvc-jh57
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7jgj-8wvc-jh57
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.All@2.1.1
purl pkg:nuget/Microsoft.AspNetCore.All@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gtv-nubh-73a9
1
vulnerability VCID-aqyy-zs6z-v7ar
2
vulnerability VCID-cja1-29th-9qbf
3
vulnerability VCID-ct2x-rftj-tydp
4
vulnerability VCID-j761-wgke-97d8
5
vulnerability VCID-mrdj-nvz7-xyet
6
vulnerability VCID-n3cs-wjun-vfhe
7
vulnerability VCID-pa95-mtgb-yuf2
8
vulnerability VCID-wzeg-jdcg-tfct
9
vulnerability VCID-z54f-eupv-n7be
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.1
aliases CVE-2018-8292, GHSA-7jgj-8wvc-jh57
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zdjb-98e7-6bgn
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.6