Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.17

Type nuget

Namespace

Name Microsoft.AspNetCore.App.Runtime.win-arm

Version 3.1.17

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.0.19

Latest_non_vulnerable_version 7.0.19

Affected_by_vulnerabilities

url VCID-35e6-fjfc-p3h1

vulnerability_id VCID-35e6-fjfc-p3h1

summary

.NET Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.

## <a name="affected-software"></a>Affected software

* Any .NET 6.0 application running on .NET 6.0.7 or earlier.
* Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET.

### <a name=".NET Core 3.1"></a>.NET Core 3.1

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](http://system.security)| <=4.7.0| 4.7.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=3.1.0, 3.1.27| 3.1.28

### <a name=".NET 6"></a>.NET 6

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)| >=5.0.0, 6.0.0| 6.0.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=6.0.0, 6.0.7| 6.0.8

## Patches


* If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.


### Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/232
An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43166
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-34716

reference_id

reference_type

scores

value	0.00762
scoring_system	epss
scoring_elements	0.73756
published_at	2026-06-07T12:55:00Z

value	0.00762
scoring_system	epss
scoring_elements	0.7377
published_at	2026-06-06T12:55:00Z

value	0.00762
scoring_system	epss
scoring_elements	0.73765
published_at	2026-06-05T12:55:00Z

value	0.00762
scoring_system	epss
scoring_elements	0.73729
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-34716

reference_url

https://github.com/dotnet/announcements/issues/232

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/232

reference_url

https://github.com/dotnet/aspnetcore/issues/43166

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/issues/43166

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T20:04:18Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-34716

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-34716

reference_url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2115183
reference_id	2115183
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2115183

reference_url

https://github.com/advisories/GHSA-vh55-786g-wjwj

reference_id

GHSA-vh55-786g-wjwj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vh55-786g-wjwj

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj

reference_id

GHSA-vh55-786g-wjwj

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj

reference_url	https://access.redhat.com/errata/RHSA-2022:6037
reference_id	RHSA-2022:6037
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6037

reference_url	https://access.redhat.com/errata/RHSA-2022:6038
reference_id	RHSA-2022:6038
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6038

reference_url	https://access.redhat.com/errata/RHSA-2022:6043
reference_id	RHSA-2022:6043
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6043

reference_url	https://access.redhat.com/errata/RHSA-2022:6057
reference_id	RHSA-2022:6057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6057

reference_url	https://access.redhat.com/errata/RHSA-2022:6058
reference_id	RHSA-2022:6058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6058

fixed_packages

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.28

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.28

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8

aliases CVE-2022-34716, GHSA-vh55-786g-wjwj, GMS-2024-75, GMS-2024-76, GMS-2024-77, GMS-2024-78, GMS-2024-79, GMS-2024-80, GMS-2024-81, GMS-2024-82, GMS-2024-83, GMS-2024-84, GMS-2024-85, GMS-2024-86, GMS-2024-90

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35e6-fjfc-p3h1

url VCID-4ycx-mrvt-b7du

vulnerability_id VCID-4ycx-mrvt-b7du

summary This advisory has been marked as False-Positive and removed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24464.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24464.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24464

reference_id

reference_type

scores

value	0.0064
scoring_system	epss
scoring_elements	0.70973
published_at	2026-06-07T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70941
published_at	2026-06-04T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.70983
published_at	2026-06-05T12:55:00Z

value	0.0064
scoring_system	epss
scoring_elements	0.7099
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24464

reference_url

https://github.com/dotnet/announcements/issues/212

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/212

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:00:22Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2061847
reference_id	2061847
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2061847

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24464

reference_id

CVE-2022-24464

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24464

reference_url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464

reference_id

CVE-2022-24464

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464

reference_url

https://github.com/advisories/GHSA-cw98-9j8w-wxv9

reference_id

GHSA-cw98-9j8w-wxv9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cw98-9j8w-wxv9

reference_url	https://access.redhat.com/errata/RHSA-2022:0826
reference_id	RHSA-2022:0826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0826

reference_url	https://access.redhat.com/errata/RHSA-2022:0827
reference_id	RHSA-2022:0827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0827

reference_url	https://access.redhat.com/errata/RHSA-2022:0828
reference_id	RHSA-2022:0828
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0828

reference_url	https://access.redhat.com/errata/RHSA-2022:0829
reference_id	RHSA-2022:0829
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0829

reference_url	https://access.redhat.com/errata/RHSA-2022:0830
reference_id	RHSA-2022:0830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0830

reference_url	https://access.redhat.com/errata/RHSA-2022:0832
reference_id	RHSA-2022:0832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0832

fixed_packages

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.23

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-fjfc-p3h1

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-eayc-8yee-3fdd

vulnerability	VCID-ezwq-a93y-3be1

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-knv1-ccs2-z3h9

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.23

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.15

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-eayc-8yee-3fdd

vulnerability	VCID-ezwq-a93y-3be1

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-knv1-ccs2-z3h9

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.15

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.3

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-fjfc-p3h1

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-eayc-8yee-3fdd

vulnerability	VCID-ezwq-a93y-3be1

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-knv1-ccs2-z3h9

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.3

aliases CVE-2022-24464, GHSA-cw98-9j8w-wxv9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ycx-mrvt-b7du

url VCID-as33-d56d-fqek

vulnerability_id VCID-as33-d56d-fqek

summary

Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A vulnerability exists in ASP.NET applications using SignalR where a malicious client can result in a denial-of-service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-21386

reference_id

reference_type

scores

value	0.02393
scoring_system	epss
scoring_elements	0.8535
published_at	2026-06-06T12:55:00Z

value	0.02393
scoring_system	epss
scoring_elements	0.85344
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-21386

reference_url

https://github.com/dotnet/aspnetcore

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2263085
reference_id	2263085
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2263085

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386

reference_id

CVE-2024-21386

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T20:15:43Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-21386

reference_id

CVE-2024-21386

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-21386

reference_url

https://github.com/advisories/GHSA-g74q-5xw3-j7q9

reference_id

GHSA-g74q-5xw3-j7q9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g74q-5xw3-j7q9

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9

reference_id

GHSA-g74q-5xw3-j7q9

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9

reference_url	https://access.redhat.com/errata/RHSA-2024:0805
reference_id	RHSA-2024:0805
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0805

reference_url	https://access.redhat.com/errata/RHSA-2024:0806
reference_id	RHSA-2024:0806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0806

reference_url	https://access.redhat.com/errata/RHSA-2024:0807
reference_id	RHSA-2024:0807
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0807

reference_url	https://access.redhat.com/errata/RHSA-2024:0808
reference_id	RHSA-2024:0808
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0808

reference_url	https://access.redhat.com/errata/RHSA-2024:0814
reference_id	RHSA-2024:0814
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0814

reference_url	https://access.redhat.com/errata/RHSA-2024:0827
reference_id	RHSA-2024:0827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0827

reference_url	https://access.redhat.com/errata/RHSA-2024:0848
reference_id	RHSA-2024:0848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0848

reference_url	https://access.redhat.com/errata/RHSA-2024:2843
reference_id	RHSA-2024:2843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2843

reference_url	https://access.redhat.com/errata/RHSA-2024:3340
reference_id	RHSA-2024:3340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3340

reference_url	https://usn.ubuntu.com/6634-1/
reference_id	USN-6634-1
reference_type
scores
url	https://usn.ubuntu.com/6634-1/

fixed_packages

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.27

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g1fd-q1xg-wbcv

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.27

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.16

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g1fd-q1xg-wbcv

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.16

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.2
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.2

aliases CVE-2024-21386, GHSA-g74q-5xw3-j7q9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as33-d56d-fqek

url VCID-eayc-8yee-3fdd

vulnerability_id VCID-eayc-8yee-3fdd

summary This advisory has been marked as False-Positive and removed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29117.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29117.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29117

reference_id

reference_type

scores

value	0.01387
scoring_system	epss
scoring_elements	0.80671
published_at	2026-06-04T12:55:00Z

value	0.01387
scoring_system	epss
scoring_elements	0.80695
published_at	2026-06-07T12:55:00Z

value	0.01387
scoring_system	epss
scoring_elements	0.807
published_at	2026-06-06T12:55:00Z

value	0.01387
scoring_system	epss
scoring_elements	0.80698
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29117

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dotnet/aspnetcore

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:34:50Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2083647
reference_id	2083647
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2083647

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29117

reference_id

CVE-2022-29117

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29117

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117
reference_id	CVE-2022-29117
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117

reference_url

https://github.com/advisories/GHSA-3rq8-h3gj-r5c6

reference_id

GHSA-3rq8-h3gj-r5c6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3rq8-h3gj-r5c6

reference_url	https://access.redhat.com/errata/RHSA-2022:2194
reference_id	RHSA-2022:2194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2194

reference_url	https://access.redhat.com/errata/RHSA-2022:2195
reference_id	RHSA-2022:2195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2195

reference_url	https://access.redhat.com/errata/RHSA-2022:2196
reference_id	RHSA-2022:2196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2196

reference_url	https://access.redhat.com/errata/RHSA-2022:2199
reference_id	RHSA-2022:2199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2199

reference_url	https://access.redhat.com/errata/RHSA-2022:2200
reference_id	RHSA-2022:2200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2200

reference_url	https://access.redhat.com/errata/RHSA-2022:2202
reference_id	RHSA-2022:2202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2202

reference_url	https://access.redhat.com/errata/RHSA-2022:4588
reference_id	RHSA-2022:4588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4588

fixed_packages

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.25

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-fjfc-p3h1

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.25

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.17

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.17

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.5

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-fjfc-p3h1

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.5

aliases CVE-2022-29117, GHSA-3rq8-h3gj-r5c6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eayc-8yee-3fdd

url VCID-ezwq-a93y-3be1

vulnerability_id VCID-ezwq-a93y-3be1

summary dotnet: parsing HTML causes Denial of Service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29145.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29145.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29145

reference_id

reference_type

scores

value	0.04164
scoring_system	epss
scoring_elements	0.88891
published_at	2026-06-07T12:55:00Z

value	0.04164
scoring_system	epss
scoring_elements	0.88875
published_at	2026-06-04T12:55:00Z

value	0.04164
scoring_system	epss
scoring_elements	0.88892
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29145

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-fcg8-mg9g-6hc4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-fcg8-mg9g-6hc4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29145

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-27T13:50:08Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29145

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-29145

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-29145

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2083649
reference_id	2083649
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2083649

reference_url

https://github.com/advisories/GHSA-fcg8-mg9g-6hc4

reference_id

GHSA-fcg8-mg9g-6hc4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fcg8-mg9g-6hc4

reference_url	https://access.redhat.com/errata/RHSA-2022:2194
reference_id	RHSA-2022:2194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2194

reference_url	https://access.redhat.com/errata/RHSA-2022:2195
reference_id	RHSA-2022:2195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2195

reference_url	https://access.redhat.com/errata/RHSA-2022:2196
reference_id	RHSA-2022:2196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2196

reference_url	https://access.redhat.com/errata/RHSA-2022:2199
reference_id	RHSA-2022:2199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2199

reference_url	https://access.redhat.com/errata/RHSA-2022:2200
reference_id	RHSA-2022:2200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2200

reference_url	https://access.redhat.com/errata/RHSA-2022:2202
reference_id	RHSA-2022:2202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2202

reference_url	https://access.redhat.com/errata/RHSA-2022:4588
reference_id	RHSA-2022:4588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4588

fixed_packages

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.25

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-fjfc-p3h1

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.25

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.17

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.17

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.5

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-fjfc-p3h1

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.5

aliases CVE-2022-29145, GHSA-fcg8-mg9g-6hc4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ezwq-a93y-3be1

url VCID-g1fd-q1xg-wbcv

vulnerability_id VCID-g1fd-q1xg-wbcv

summary

Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A Vulnerability exist in Microsoft.AspNetCore.Server.Kestrel.Core.dll where a dead-lock can occur resulting in Denial of Service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30046.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30046.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-30046

reference_id

reference_type

scores

value	0.00175
scoring_system	epss
scoring_elements	0.38718
published_at	2026-06-07T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38746
published_at	2026-06-06T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38742
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-30046

reference_url

https://github.com/dotnet/announcements/issues/308

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/308

reference_url

https://github.com/dotnet/aspnetcore

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore

reference_url

https://github.com/dotnet/aspnetcore/issues/55714

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/issues/55714

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2279697
reference_id	2279697
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2279697

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046

reference_id

CVE-2024-30046

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T16:43:57Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-30046

reference_id

CVE-2024-30046

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-30046

reference_url

https://github.com/advisories/GHSA-hhc7-x9w4-cw47

reference_id

GHSA-hhc7-x9w4-cw47

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hhc7-x9w4-cw47

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-hhc7-x9w4-cw47

reference_id

GHSA-hhc7-x9w4-cw47

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-hhc7-x9w4-cw47

reference_url	https://access.redhat.com/errata/RHSA-2024:2842
reference_id	RHSA-2024:2842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2842

reference_url	https://access.redhat.com/errata/RHSA-2024:2843
reference_id	RHSA-2024:2843
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2843

reference_url	https://access.redhat.com/errata/RHSA-2024:3340
reference_id	RHSA-2024:3340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3340

reference_url	https://access.redhat.com/errata/RHSA-2024:3345
reference_id	RHSA-2024:3345
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3345

reference_url	https://usn.ubuntu.com/6773-1/
reference_id	USN-6773-1
reference_type
scores
url	https://usn.ubuntu.com/6773-1/

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.19
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.19
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.19

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.5
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.5

aliases CVE-2024-30046, GHSA-hhc7-x9w4-cw47

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g1fd-q1xg-wbcv

url VCID-j3bh-ygvh-cqfn

vulnerability_id VCID-j3bh-ygvh-cqfn

summary dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38013.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38013.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-38013

reference_id

reference_type

scores

value	0.01487
scoring_system	epss
scoring_elements	0.81367
published_at	2026-06-04T12:55:00Z

value	0.01487
scoring_system	epss
scoring_elements	0.81397
published_at	2026-06-06T12:55:00Z

value	0.01487
scoring_system	epss
scoring_elements	0.81395
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-38013

reference_url

https://github.com/dotnet/aspnetcore

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:39:58Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-38013

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-38013

reference_url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2125124
reference_id	2125124
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2125124

reference_url

https://github.com/advisories/GHSA-r8m2-4x37-6592

reference_id

GHSA-r8m2-4x37-6592

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r8m2-4x37-6592

reference_url	https://access.redhat.com/errata/RHSA-2022:6520
reference_id	RHSA-2022:6520
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6520

reference_url	https://access.redhat.com/errata/RHSA-2022:6521
reference_id	RHSA-2022:6521
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6521

reference_url	https://access.redhat.com/errata/RHSA-2022:6522
reference_id	RHSA-2022:6522
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6522

reference_url	https://access.redhat.com/errata/RHSA-2022:6523
reference_id	RHSA-2022:6523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6523

reference_url	https://access.redhat.com/errata/RHSA-2022:6539
reference_id	RHSA-2022:6539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6539

reference_url	https://usn.ubuntu.com/5609-1/
reference_id	USN-5609-1
reference_type
scores
url	https://usn.ubuntu.com/5609-1/

fixed_packages

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.29

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.29

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.9

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.9

aliases CVE-2022-38013, GHSA-r8m2-4x37-6592

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3bh-ygvh-cqfn

url VCID-knv1-ccs2-z3h9

vulnerability_id VCID-knv1-ccs2-z3h9

summary

Uncontrolled Resource Consumption
.NET, Visual Studio and PowerShell Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23267.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23267.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23267

reference_id

reference_type

scores

value	0.06422
scoring_system	epss
scoring_elements	0.91223
published_at	2026-06-07T12:55:00Z

value	0.06422
scoring_system	epss
scoring_elements	0.91213
published_at	2026-06-04T12:55:00Z

value	0.06422
scoring_system	epss
scoring_elements	0.91226
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23267

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/dotnet/announcements/issues/221

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/announcements/issues/221

reference_url

https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v

reference_url	https://github.com/PowerShell/Announcements/issues/32
reference_id
reference_type
scores
url	https://github.com/PowerShell/Announcements/issues/32

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:36:15Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2083650
reference_id	2083650
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2083650

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23267

reference_id

CVE-2022-23267

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23267

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267
reference_id	CVE-2022-23267
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267

reference_url

https://github.com/advisories/GHSA-485p-mrj5-8w2v

reference_id

GHSA-485p-mrj5-8w2v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-485p-mrj5-8w2v

reference_url	https://access.redhat.com/errata/RHSA-2022:2194
reference_id	RHSA-2022:2194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2194

reference_url	https://access.redhat.com/errata/RHSA-2022:2195
reference_id	RHSA-2022:2195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2195

reference_url	https://access.redhat.com/errata/RHSA-2022:2196
reference_id	RHSA-2022:2196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2196

reference_url	https://access.redhat.com/errata/RHSA-2022:2199
reference_id	RHSA-2022:2199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2199

reference_url	https://access.redhat.com/errata/RHSA-2022:2200
reference_id	RHSA-2022:2200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2200

reference_url	https://access.redhat.com/errata/RHSA-2022:2202
reference_id	RHSA-2022:2202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2202

reference_url	https://access.redhat.com/errata/RHSA-2022:4588
reference_id	RHSA-2022:4588
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4588

fixed_packages

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.25

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-fjfc-p3h1

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.25

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.17

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@5.0.17

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.5

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-35e6-fjfc-p3h1

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

vulnerability	VCID-j3bh-ygvh-cqfn

vulnerability	VCID-va1v-dc3f-pbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.5

aliases CVE-2022-23267, GHSA-485p-mrj5-8w2v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-knv1-ccs2-z3h9

url VCID-va1v-dc3f-pbfp

vulnerability_id VCID-va1v-dc3f-pbfp

summary

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
ASP.NET and Visual Studio Security Feature Bypass Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33170.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33170.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-33170

reference_id

reference_type

scores

value	0.0024
scoring_system	epss
scoring_elements	0.475
published_at	2026-06-05T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47485
published_at	2026-06-07T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47503
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-33170

reference_url

https://github.com/dotnet/aspnetcore

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore

reference_url

https://github.com/dotnet/aspnetcore/issues/49334

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/issues/49334

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2221854
reference_id	2221854
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2221854

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170

reference_id

CVE-2023-33170

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-03T16:24:03Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-33170

reference_id

CVE-2023-33170

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-33170

reference_url

https://github.com/advisories/GHSA-25c8-p796-jg6r

reference_id

GHSA-25c8-p796-jg6r

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-25c8-p796-jg6r

reference_url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-25c8-p796-jg6r

reference_id

GHSA-25c8-p796-jg6r

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dotnet/aspnetcore/security/advisories/GHSA-25c8-p796-jg6r

reference_url	https://access.redhat.com/errata/RHSA-2023:4057
reference_id	RHSA-2023:4057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4057

reference_url	https://access.redhat.com/errata/RHSA-2023:4058
reference_id	RHSA-2023:4058
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4058

reference_url	https://access.redhat.com/errata/RHSA-2023:4059
reference_id	RHSA-2023:4059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4059

reference_url	https://access.redhat.com/errata/RHSA-2023:4060
reference_id	RHSA-2023:4060
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4060

reference_url	https://access.redhat.com/errata/RHSA-2023:4061
reference_id	RHSA-2023:4061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4061

reference_url	https://access.redhat.com/errata/RHSA-2023:4448
reference_id	RHSA-2023:4448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4448

reference_url	https://access.redhat.com/errata/RHSA-2023:4449
reference_id	RHSA-2023:4449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4449

reference_url	https://usn.ubuntu.com/6217-1/
reference_id	USN-6217-1
reference_type
scores
url	https://usn.ubuntu.com/6217-1/

fixed_packages

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.20

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.20

url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.9

purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yt3-svsa-wugc

vulnerability	VCID-as33-d56d-fqek

vulnerability	VCID-g1fd-q1xg-wbcv

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.9

aliases CVE-2023-33170, GHSA-25c8-p796-jg6r

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-va1v-dc3f-pbfp

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.17

Package Instance