Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@3.1.0
Typenuget
Namespace
NameMicrosoft.AspNetCore.App.Runtime.linux-musl-arm
Version3.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.0.27
Latest_non_vulnerable_version10.0.4
Affected_by_vulnerabilities
0
url VCID-naj1-hh3a-q7ej
vulnerability_id VCID-naj1-hh3a-q7ej
summary 
Duplicate Advisory: .NET Information Disclosure Vulnerability
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-vh55-786g-wjwj. This link is maintained to preserve external references.

# Original Description
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0.  An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.

## Affected software

* Any .NET 6.0 application running on .NET 6.0.7 or earlier.
* Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.

## Patches

* If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.
references
0
reference_url https://github.com/dotnet/announcements/issues/232
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/232
1
reference_url https://github.com/dotnet/aspnetcore/issues/43166
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/43166
2
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
3
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
5
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
6
reference_url https://github.com/advisories/GHSA-2m65-m22p-9wjw
reference_id GHSA-2m65-m22p-9wjw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2m65-m22p-9wjw
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@3.1.28
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@3.1.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@3.1.28
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.8
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp82-cuxf-9yhq
1
vulnerability VCID-r5g1-zwbg-xubc
2
vulnerability VCID-ysmy-fhmq-ffdu
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.8
aliases GHSA-2m65-m22p-9wjw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-naj1-hh3a-q7ej
1
url VCID-rz8f-jn6b-a7fw
vulnerability_id VCID-rz8f-jn6b-a7fw
summary 
.NET Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.

## <a name="affected-software"></a>Affected software

* Any .NET 6.0 application running on .NET 6.0.7 or earlier.
* Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET.

### <a name=".NET Core 3.1"></a>.NET Core 3.1

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](http://system.security)| <=4.7.0| 4.7.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=3.1.0, 3.1.27| 3.1.28

### <a name=".NET 6"></a>.NET 6

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)| >=5.0.0, 6.0.0| 6.0.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=6.0.0, 6.0.7| 6.0.8

## Patches


* If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.


### Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/232
An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43166
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34716
reference_id
reference_type
scores
0
value 0.00952
scoring_system epss
scoring_elements 0.76415
published_at 2026-04-21T12:55:00Z
1
value 0.00952
scoring_system epss
scoring_elements 0.76431
published_at 2026-04-18T12:55:00Z
2
value 0.00952
scoring_system epss
scoring_elements 0.76425
published_at 2026-04-16T12:55:00Z
3
value 0.00952
scoring_system epss
scoring_elements 0.76385
published_at 2026-04-13T12:55:00Z
4
value 0.01106
scoring_system epss
scoring_elements 0.78103
published_at 2026-04-12T12:55:00Z
5
value 0.01106
scoring_system epss
scoring_elements 0.78121
published_at 2026-04-11T12:55:00Z
6
value 0.01106
scoring_system epss
scoring_elements 0.78094
published_at 2026-04-09T12:55:00Z
7
value 0.01106
scoring_system epss
scoring_elements 0.7809
published_at 2026-04-08T12:55:00Z
8
value 0.01106
scoring_system epss
scoring_elements 0.78064
published_at 2026-04-07T12:55:00Z
9
value 0.01106
scoring_system epss
scoring_elements 0.78082
published_at 2026-04-04T12:55:00Z
10
value 0.01106
scoring_system epss
scoring_elements 0.78053
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34716
2
reference_url https://github.com/dotnet/announcements/issues/232
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/232
3
reference_url https://github.com/dotnet/aspnetcore/issues/43166
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/43166
4
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
5
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T20:04:18Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
7
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2115183
reference_id 2115183
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2115183
9
reference_url https://github.com/advisories/GHSA-vh55-786g-wjwj
reference_id GHSA-vh55-786g-wjwj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vh55-786g-wjwj
10
reference_url https://access.redhat.com/errata/RHSA-2022:6037
reference_id RHSA-2022:6037
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6037
11
reference_url https://access.redhat.com/errata/RHSA-2022:6038
reference_id RHSA-2022:6038
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6038
12
reference_url https://access.redhat.com/errata/RHSA-2022:6043
reference_id RHSA-2022:6043
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6043
13
reference_url https://access.redhat.com/errata/RHSA-2022:6057
reference_id RHSA-2022:6057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6057
14
reference_url https://access.redhat.com/errata/RHSA-2022:6058
reference_id RHSA-2022:6058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6058
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@3.1.28
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@3.1.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@3.1.28
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.8
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dp82-cuxf-9yhq
1
vulnerability VCID-r5g1-zwbg-xubc
2
vulnerability VCID-ysmy-fhmq-ffdu
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.8
aliases CVE-2022-34716, GHSA-vh55-786g-wjwj, GMS-2024-75, GMS-2024-76, GMS-2024-77, GMS-2024-78, GMS-2024-79, GMS-2024-80, GMS-2024-81, GMS-2024-82, GMS-2024-83, GMS-2024-84, GMS-2024-85, GMS-2024-86, GMS-2024-90
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rz8f-jn6b-a7fw
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@3.1.0