Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.0
Typenuget
Namespace
NameMicrosoft.AspNetCore.App.Runtime.osx-x64
Version3.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-9zu6-5d4v-f3ht
vulnerability_id VCID-9zu6-5d4v-f3ht
summary Microsoft Security Advisory CVE-2020-0603 : ASP.NET Core Remote Code Execution Vulnerability
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0130
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0130
1
reference_url https://access.redhat.com/errata/RHSA-2020:0134
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0134
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0603.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0603.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-0603
reference_id
reference_type
scores
0
value 0.10785
scoring_system epss
scoring_elements 0.93366
published_at 2026-04-16T12:55:00Z
1
value 0.10785
scoring_system epss
scoring_elements 0.93318
published_at 2026-04-01T12:55:00Z
2
value 0.10785
scoring_system epss
scoring_elements 0.93326
published_at 2026-04-02T12:55:00Z
3
value 0.10785
scoring_system epss
scoring_elements 0.93348
published_at 2026-04-13T12:55:00Z
4
value 0.10785
scoring_system epss
scoring_elements 0.93333
published_at 2026-04-04T12:55:00Z
5
value 0.10785
scoring_system epss
scoring_elements 0.93332
published_at 2026-04-07T12:55:00Z
6
value 0.10785
scoring_system epss
scoring_elements 0.9334
published_at 2026-04-08T12:55:00Z
7
value 0.10785
scoring_system epss
scoring_elements 0.93349
published_at 2026-04-11T12:55:00Z
8
value 0.10785
scoring_system epss
scoring_elements 0.93345
published_at 2026-04-09T12:55:00Z
9
value 0.10785
scoring_system epss
scoring_elements 0.93378
published_at 2026-04-21T12:55:00Z
10
value 0.10785
scoring_system epss
scoring_elements 0.93371
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-0603
4
reference_url https://github.com/aspnet/Announcements/issues/403
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aspnet/Announcements/issues/403
5
reference_url https://github.com/github/advisory-database/issues/302
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/issues/302
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-0603
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-0603
7
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789624
reference_id 1789624
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789624
9
reference_url https://github.com/advisories/GHSA-655q-9gvg-q4cm
reference_id GHSA-655q-9gvg-q4cm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-655q-9gvg-q4cm
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.1
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.1
aliases CVE-2020-0603, GHSA-655q-9gvg-q4cm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zu6-5d4v-f3ht
1
url VCID-fm28-azef-buh6
vulnerability_id VCID-fm28-azef-buh6
summary 
Denial of service in ASP.NET Core
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0130
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0130
1
reference_url https://access.redhat.com/errata/RHSA-2020:0134
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0134
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0602.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0602.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-0602
reference_id
reference_type
scores
0
value 0.04034
scoring_system epss
scoring_elements 0.88495
published_at 2026-04-13T12:55:00Z
1
value 0.04034
scoring_system epss
scoring_elements 0.88441
published_at 2026-04-01T12:55:00Z
2
value 0.04034
scoring_system epss
scoring_elements 0.88449
published_at 2026-04-02T12:55:00Z
3
value 0.04034
scoring_system epss
scoring_elements 0.88503
published_at 2026-04-21T12:55:00Z
4
value 0.04034
scoring_system epss
scoring_elements 0.88464
published_at 2026-04-04T12:55:00Z
5
value 0.04034
scoring_system epss
scoring_elements 0.88467
published_at 2026-04-07T12:55:00Z
6
value 0.04034
scoring_system epss
scoring_elements 0.88492
published_at 2026-04-09T12:55:00Z
7
value 0.04034
scoring_system epss
scoring_elements 0.88486
published_at 2026-04-08T12:55:00Z
8
value 0.04034
scoring_system epss
scoring_elements 0.88506
published_at 2026-04-18T12:55:00Z
9
value 0.04034
scoring_system epss
scoring_elements 0.88509
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-0602
4
reference_url https://github.com/aspnet/Announcements/issues/402
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aspnet/Announcements/issues/402
5
reference_url https://github.com/github/advisory-database/issues/302
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/issues/302
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-0602
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-0602
7
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789623
reference_id 1789623
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789623
9
reference_url https://github.com/advisories/GHSA-23cv-jh4v-vffm
reference_id GHSA-23cv-jh4v-vffm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23cv-jh4v-vffm
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.1
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.1
aliases CVE-2020-0602, GHSA-23cv-jh4v-vffm
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fm28-azef-buh6
2
url VCID-j761-wgke-97d8
vulnerability_id VCID-j761-wgke-97d8
summary A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka `ASP.NET Core Denial of Service Vulnerability`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1597.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1597.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1597
reference_id
reference_type
scores
0
value 0.07555
scoring_system epss
scoring_elements 0.91845
published_at 2026-04-21T12:55:00Z
1
value 0.07555
scoring_system epss
scoring_elements 0.91835
published_at 2026-04-12T12:55:00Z
2
value 0.07555
scoring_system epss
scoring_elements 0.91851
published_at 2026-04-16T12:55:00Z
3
value 0.07555
scoring_system epss
scoring_elements 0.91831
published_at 2026-04-13T12:55:00Z
4
value 0.07555
scoring_system epss
scoring_elements 0.91788
published_at 2026-04-01T12:55:00Z
5
value 0.07555
scoring_system epss
scoring_elements 0.91796
published_at 2026-04-02T12:55:00Z
6
value 0.07555
scoring_system epss
scoring_elements 0.91802
published_at 2026-04-04T12:55:00Z
7
value 0.07555
scoring_system epss
scoring_elements 0.9181
published_at 2026-04-07T12:55:00Z
8
value 0.07555
scoring_system epss
scoring_elements 0.91823
published_at 2026-04-08T12:55:00Z
9
value 0.07555
scoring_system epss
scoring_elements 0.91829
published_at 2026-04-09T12:55:00Z
10
value 0.07555
scoring_system epss
scoring_elements 0.91833
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1597
2
reference_url https://github.com/dotnet/announcements/issues/162
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/162
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1597
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1597
12
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1861110
reference_id 1861110
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1861110
14
reference_url https://github.com/advisories/GHSA-f8qx-mjcq-wfgx
reference_id GHSA-f8qx-mjcq-wfgx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f8qx-mjcq-wfgx
15
reference_url https://access.redhat.com/errata/RHSA-2020:3421
reference_id RHSA-2020:3421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3421
16
reference_url https://access.redhat.com/errata/RHSA-2020:3422
reference_id RHSA-2020:3422
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3422
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.7
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.7
aliases CVE-2020-1597, GHSA-f8qx-mjcq-wfgx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j761-wgke-97d8
3
url VCID-n3cs-wjun-vfhe
vulnerability_id VCID-n3cs-wjun-vfhe
summary 
Cookie parsing failure
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:3699
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/
url https://access.redhat.com/errata/RHSA-2020:3699
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1045.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1045.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1045
reference_id
reference_type
scores
0
value 0.20401
scoring_system epss
scoring_elements 0.95537
published_at 2026-04-11T12:55:00Z
1
value 0.20401
scoring_system epss
scoring_elements 0.95533
published_at 2026-04-09T12:55:00Z
2
value 0.20401
scoring_system epss
scoring_elements 0.9553
published_at 2026-04-08T12:55:00Z
3
value 0.20401
scoring_system epss
scoring_elements 0.95524
published_at 2026-04-07T12:55:00Z
4
value 0.20401
scoring_system epss
scoring_elements 0.9552
published_at 2026-04-04T12:55:00Z
5
value 0.20401
scoring_system epss
scoring_elements 0.95505
published_at 2026-04-01T12:55:00Z
6
value 0.20401
scoring_system epss
scoring_elements 0.95555
published_at 2026-04-21T12:55:00Z
7
value 0.20401
scoring_system epss
scoring_elements 0.95549
published_at 2026-04-16T12:55:00Z
8
value 0.20401
scoring_system epss
scoring_elements 0.9554
published_at 2026-04-13T12:55:00Z
9
value 0.20401
scoring_system epss
scoring_elements 0.95539
published_at 2026-04-12T12:55:00Z
10
value 0.20401
scoring_system epss
scoring_elements 0.95514
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1045
3
reference_url https://github.com/dotnet/announcements/issues/165
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/165
4
reference_url https://github.com/dotnet/aspnetcore/issues/25701
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/25701
5
reference_url https://github.com/dotnet/aspnetcore/issues/25701#issuecomment-689434477
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/25701#issuecomment-689434477
6
reference_url https://github.com/dotnet/aspnetcore/pull/24264
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/pull/24264
7
reference_url https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/
url https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318
8
reference_url https://github.com/github/advisory-database/issues/302
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/issues/302
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1045
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1045
16
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
17
reference_url https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/
url https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1873451
reference_id 1873451
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1873451
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
reference_id 5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
reference_id ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T18:21:43Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*
23
reference_url https://github.com/advisories/GHSA-hxrm-9w7p-39cc
reference_id GHSA-hxrm-9w7p-39cc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hxrm-9w7p-39cc
24
reference_url https://access.redhat.com/errata/RHSA-2020:3697
reference_id RHSA-2020:3697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3697
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.8
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.8
aliases CVE-2020-1045, GHSA-hxrm-9w7p-39cc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3cs-wjun-vfhe
4
url VCID-naj1-hh3a-q7ej
vulnerability_id VCID-naj1-hh3a-q7ej
summary 
Duplicate Advisory: .NET Information Disclosure Vulnerability
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-vh55-786g-wjwj. This link is maintained to preserve external references.

# Original Description
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0.  An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.

## Affected software

* Any .NET 6.0 application running on .NET 6.0.7 or earlier.
* Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.

## Patches

* If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.
references
0
reference_url https://github.com/dotnet/announcements/issues/232
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/232
1
reference_url https://github.com/dotnet/aspnetcore/issues/43166
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/43166
2
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
3
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
5
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
6
reference_url https://github.com/advisories/GHSA-2m65-m22p-9wjw
reference_id GHSA-2m65-m22p-9wjw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2m65-m22p-9wjw
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.28
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.28
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@6.0.8
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@6.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@6.0.8
aliases GHSA-2m65-m22p-9wjw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-naj1-hh3a-q7ej
5
url VCID-nx74-pj4e-4fde
vulnerability_id VCID-nx74-pj4e-4fde
summary 
ASP.NET Core and Visual Studio Denial of Service Vulnerability
A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1723.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1723.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-1723
reference_id
reference_type
scores
0
value 0.04579
scoring_system epss
scoring_elements 0.89225
published_at 2026-04-21T12:55:00Z
1
value 0.04579
scoring_system epss
scoring_elements 0.89169
published_at 2026-04-01T12:55:00Z
2
value 0.04579
scoring_system epss
scoring_elements 0.89175
published_at 2026-04-02T12:55:00Z
3
value 0.04579
scoring_system epss
scoring_elements 0.89189
published_at 2026-04-04T12:55:00Z
4
value 0.04579
scoring_system epss
scoring_elements 0.89192
published_at 2026-04-07T12:55:00Z
5
value 0.04579
scoring_system epss
scoring_elements 0.8921
published_at 2026-04-08T12:55:00Z
6
value 0.04579
scoring_system epss
scoring_elements 0.89214
published_at 2026-04-09T12:55:00Z
7
value 0.04579
scoring_system epss
scoring_elements 0.89224
published_at 2026-04-11T12:55:00Z
8
value 0.04579
scoring_system epss
scoring_elements 0.8922
published_at 2026-04-12T12:55:00Z
9
value 0.04579
scoring_system epss
scoring_elements 0.89217
published_at 2026-04-13T12:55:00Z
10
value 0.04579
scoring_system epss
scoring_elements 0.8923
published_at 2026-04-16T12:55:00Z
11
value 0.04579
scoring_system epss
scoring_elements 0.89229
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-1723
2
reference_url https://github.com/dotnet/announcements/issues/170
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/170
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW
5
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-1723
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-1723
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1914258
reference_id 1914258
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1914258
8
reference_url https://security.archlinux.org/ASA-202103-16
reference_id ASA-202103-16
reference_type
scores
url https://security.archlinux.org/ASA-202103-16
9
reference_url https://security.archlinux.org/ASA-202103-17
reference_id ASA-202103-17
reference_type
scores
url https://security.archlinux.org/ASA-202103-17
10
reference_url https://security.archlinux.org/AVG-1449
reference_id AVG-1449
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1449
11
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723
reference_id CVE-2021-1723
reference_type
scores
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723
12
reference_url https://github.com/advisories/GHSA-242j-2gm6-5rwx
reference_id GHSA-242j-2gm6-5rwx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-242j-2gm6-5rwx
13
reference_url https://access.redhat.com/errata/RHSA-2021:0094
reference_id RHSA-2021:0094
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0094
14
reference_url https://access.redhat.com/errata/RHSA-2021:0095
reference_id RHSA-2021:0095
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0095
15
reference_url https://access.redhat.com/errata/RHSA-2021:0096
reference_id RHSA-2021:0096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0096
16
reference_url https://access.redhat.com/errata/RHSA-2021:0114
reference_id RHSA-2021:0114
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0114
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.11
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.11
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@5.0.2
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@5.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@5.0.2
aliases CVE-2021-1723, GHSA-242j-2gm6-5rwx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nx74-pj4e-4fde
6
url VCID-puaf-7ge8-nbhg
vulnerability_id VCID-puaf-7ge8-nbhg
summary A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1161.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1161.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1161
reference_id
reference_type
scores
0
value 0.04127
scoring_system epss
scoring_elements 0.88648
published_at 2026-04-21T12:55:00Z
1
value 0.04127
scoring_system epss
scoring_elements 0.88649
published_at 2026-04-18T12:55:00Z
2
value 0.04127
scoring_system epss
scoring_elements 0.88653
published_at 2026-04-16T12:55:00Z
3
value 0.04127
scoring_system epss
scoring_elements 0.88639
published_at 2026-04-13T12:55:00Z
4
value 0.04127
scoring_system epss
scoring_elements 0.88647
published_at 2026-04-11T12:55:00Z
5
value 0.04127
scoring_system epss
scoring_elements 0.88584
published_at 2026-04-01T12:55:00Z
6
value 0.04127
scoring_system epss
scoring_elements 0.88593
published_at 2026-04-02T12:55:00Z
7
value 0.04127
scoring_system epss
scoring_elements 0.88635
published_at 2026-04-09T12:55:00Z
8
value 0.04127
scoring_system epss
scoring_elements 0.8861
published_at 2026-04-04T12:55:00Z
9
value 0.04127
scoring_system epss
scoring_elements 0.8863
published_at 2026-04-08T12:55:00Z
10
value 0.04127
scoring_system epss
scoring_elements 0.88612
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1161
2
reference_url https://github.com/aspnet/Announcements/issues/416
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aspnet/Announcements/issues/416
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1161
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1161
4
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1827645
reference_id 1827645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1827645
6
reference_url https://github.com/advisories/GHSA-3cf7-7wq6-8842
reference_id GHSA-3cf7-7wq6-8842
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3cf7-7wq6-8842
7
reference_url https://access.redhat.com/errata/RHSA-2020:2249
reference_id RHSA-2020:2249
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2249
8
reference_url https://access.redhat.com/errata/RHSA-2020:2250
reference_id RHSA-2020:2250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2250
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.4
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.4
aliases CVE-2020-1161, GHSA-3cf7-7wq6-8842
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-puaf-7ge8-nbhg
7
url VCID-r5g1-zwbg-xubc
vulnerability_id VCID-r5g1-zwbg-xubc
summary 
.NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists in ASP.NET Core 3.1 and .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding.

## <a name="affected-software"></a>Affected software
* Any .NET 6.0 application running on .NET 6.0.8 or earlier.
* Any ASP.NET Core 3.1 application running on .NET Core 3.1.28 or earlier.
If your application uses the following package versions, ensure you update to the latest version of .NET.
### <a name="ASP.NET Core 3.1"></a>.NET Core 3.1
Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)|>= 3.1.5, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)|>= 3.1.0, < 3.1.29|3.1.29
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)|>= 3.1.0, < 3.1.29|3.1.29
### <a name=".NET 6"></a>.NET 6
Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)|>= 5.0.1, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)|>= 6.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)|>= 5.0.0, < 6.0.9|6.0.9
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)|>= 5.0.0, < 6.0.9|6.0.9



### Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/234
An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43953
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38013.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38013.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38013
reference_id
reference_type
scores
0
value 0.01128
scoring_system epss
scoring_elements 0.78332
published_at 2026-04-16T12:55:00Z
1
value 0.01128
scoring_system epss
scoring_elements 0.78327
published_at 2026-04-21T12:55:00Z
2
value 0.01128
scoring_system epss
scoring_elements 0.7833
published_at 2026-04-18T12:55:00Z
3
value 0.01128
scoring_system epss
scoring_elements 0.78303
published_at 2026-04-13T12:55:00Z
4
value 0.01128
scoring_system epss
scoring_elements 0.78307
published_at 2026-04-12T12:55:00Z
5
value 0.01128
scoring_system epss
scoring_elements 0.78325
published_at 2026-04-11T12:55:00Z
6
value 0.01128
scoring_system epss
scoring_elements 0.78299
published_at 2026-04-09T12:55:00Z
7
value 0.01128
scoring_system epss
scoring_elements 0.78293
published_at 2026-04-08T12:55:00Z
8
value 0.01128
scoring_system epss
scoring_elements 0.78267
published_at 2026-04-07T12:55:00Z
9
value 0.01128
scoring_system epss
scoring_elements 0.78285
published_at 2026-04-04T12:55:00Z
10
value 0.01128
scoring_system epss
scoring_elements 0.78254
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38013
2
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
3
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M
14
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38013
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-38013
16
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2125124
reference_id 2125124
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2125124
18
reference_url https://github.com/advisories/GHSA-r8m2-4x37-6592
reference_id GHSA-r8m2-4x37-6592
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8m2-4x37-6592
19
reference_url https://access.redhat.com/errata/RHSA-2022:6520
reference_id RHSA-2022:6520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6520
20
reference_url https://access.redhat.com/errata/RHSA-2022:6521
reference_id RHSA-2022:6521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6521
21
reference_url https://access.redhat.com/errata/RHSA-2022:6522
reference_id RHSA-2022:6522
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6522
22
reference_url https://access.redhat.com/errata/RHSA-2022:6523
reference_id RHSA-2022:6523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6523
23
reference_url https://access.redhat.com/errata/RHSA-2022:6539
reference_id RHSA-2022:6539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6539
24
reference_url https://usn.ubuntu.com/5609-1/
reference_id USN-5609-1
reference_type
scores
url https://usn.ubuntu.com/5609-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.29
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.29
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.29
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@6.0.9
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@6.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@6.0.9
aliases CVE-2022-38013, GHSA-r8m2-4x37-6592
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r5g1-zwbg-xubc
8
url VCID-rz8f-jn6b-a7fw
vulnerability_id VCID-rz8f-jn6b-a7fw
summary 
.NET Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.

## <a name="affected-software"></a>Affected software

* Any .NET 6.0 application running on .NET 6.0.7 or earlier.
* Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET.

### <a name=".NET Core 3.1"></a>.NET Core 3.1

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](http://system.security)| <=4.7.0| 4.7.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=3.1.0, 3.1.27| 3.1.28

### <a name=".NET 6"></a>.NET 6

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)| >=5.0.0, 6.0.0| 6.0.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=6.0.0, 6.0.7| 6.0.8

## Patches


* If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.


### Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/232
An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43166
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34716
reference_id
reference_type
scores
0
value 0.00952
scoring_system epss
scoring_elements 0.76415
published_at 2026-04-21T12:55:00Z
1
value 0.00952
scoring_system epss
scoring_elements 0.76431
published_at 2026-04-18T12:55:00Z
2
value 0.00952
scoring_system epss
scoring_elements 0.76425
published_at 2026-04-16T12:55:00Z
3
value 0.00952
scoring_system epss
scoring_elements 0.76385
published_at 2026-04-13T12:55:00Z
4
value 0.01106
scoring_system epss
scoring_elements 0.78103
published_at 2026-04-12T12:55:00Z
5
value 0.01106
scoring_system epss
scoring_elements 0.78121
published_at 2026-04-11T12:55:00Z
6
value 0.01106
scoring_system epss
scoring_elements 0.78094
published_at 2026-04-09T12:55:00Z
7
value 0.01106
scoring_system epss
scoring_elements 0.7809
published_at 2026-04-08T12:55:00Z
8
value 0.01106
scoring_system epss
scoring_elements 0.78064
published_at 2026-04-07T12:55:00Z
9
value 0.01106
scoring_system epss
scoring_elements 0.78082
published_at 2026-04-04T12:55:00Z
10
value 0.01106
scoring_system epss
scoring_elements 0.78053
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34716
2
reference_url https://github.com/dotnet/announcements/issues/232
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/232
3
reference_url https://github.com/dotnet/aspnetcore/issues/43166
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/43166
4
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
5
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T20:04:18Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
7
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2115183
reference_id 2115183
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2115183
9
reference_url https://github.com/advisories/GHSA-vh55-786g-wjwj
reference_id GHSA-vh55-786g-wjwj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vh55-786g-wjwj
10
reference_url https://access.redhat.com/errata/RHSA-2022:6037
reference_id RHSA-2022:6037
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6037
11
reference_url https://access.redhat.com/errata/RHSA-2022:6038
reference_id RHSA-2022:6038
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6038
12
reference_url https://access.redhat.com/errata/RHSA-2022:6043
reference_id RHSA-2022:6043
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6043
13
reference_url https://access.redhat.com/errata/RHSA-2022:6057
reference_id RHSA-2022:6057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6057
14
reference_url https://access.redhat.com/errata/RHSA-2022:6058
reference_id RHSA-2022:6058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6058
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.28
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.28
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@6.0.8
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@6.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@6.0.8
aliases CVE-2022-34716, GHSA-vh55-786g-wjwj, GMS-2024-75, GMS-2024-76, GMS-2024-77, GMS-2024-78, GMS-2024-79, GMS-2024-80, GMS-2024-81, GMS-2024-82, GMS-2024-83, GMS-2024-84, GMS-2024-85, GMS-2024-86, GMS-2024-90
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rz8f-jn6b-a7fw
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.osx-x64@3.1.0