Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8
Typenuget
Namespace
NameMicrosoft.AspNetCore.App.Runtime.win-arm
Version6.0.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.0.19
Latest_non_vulnerable_version7.0.19
Affected_by_vulnerabilities
0
url VCID-as33-d56d-fqek
vulnerability_id VCID-as33-d56d-fqek
summary 
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A vulnerability exists in ASP.NET applications using SignalR where a malicious client can result in a denial-of-service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21386
reference_id
reference_type
scores
0
value 0.02393
scoring_system epss
scoring_elements 0.85329
published_at 2026-06-08T12:55:00Z
1
value 0.02393
scoring_system epss
scoring_elements 0.85344
published_at 2026-06-07T12:55:00Z
2
value 0.02393
scoring_system epss
scoring_elements 0.8535
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21386
2
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2263085
reference_id 2263085
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2263085
4
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386
reference_id CVE-2024-21386
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T20:15:43Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21386
reference_id CVE-2024-21386
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21386
6
reference_url https://github.com/advisories/GHSA-g74q-5xw3-j7q9
reference_id GHSA-g74q-5xw3-j7q9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g74q-5xw3-j7q9
7
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9
reference_id GHSA-g74q-5xw3-j7q9
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9
8
reference_url https://access.redhat.com/errata/RHSA-2024:0805
reference_id RHSA-2024:0805
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0805
9
reference_url https://access.redhat.com/errata/RHSA-2024:0806
reference_id RHSA-2024:0806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0806
10
reference_url https://access.redhat.com/errata/RHSA-2024:0807
reference_id RHSA-2024:0807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0807
11
reference_url https://access.redhat.com/errata/RHSA-2024:0808
reference_id RHSA-2024:0808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0808
12
reference_url https://access.redhat.com/errata/RHSA-2024:0814
reference_id RHSA-2024:0814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0814
13
reference_url https://access.redhat.com/errata/RHSA-2024:0827
reference_id RHSA-2024:0827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0827
14
reference_url https://access.redhat.com/errata/RHSA-2024:0848
reference_id RHSA-2024:0848
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0848
15
reference_url https://access.redhat.com/errata/RHSA-2024:2843
reference_id RHSA-2024:2843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2843
16
reference_url https://access.redhat.com/errata/RHSA-2024:3340
reference_id RHSA-2024:3340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3340
17
reference_url https://usn.ubuntu.com/6634-1/
reference_id USN-6634-1
reference_type
scores
url https://usn.ubuntu.com/6634-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.27
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1fd-q1xg-wbcv
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.27
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.16
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1fd-q1xg-wbcv
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.16
2
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.2
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.2
aliases CVE-2024-21386, GHSA-g74q-5xw3-j7q9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as33-d56d-fqek
1
url VCID-g1fd-q1xg-wbcv
vulnerability_id VCID-g1fd-q1xg-wbcv
summary 
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A Vulnerability exist in Microsoft.AspNetCore.Server.Kestrel.Core.dll where a dead-lock can occur resulting in Denial of Service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30046.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30046.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30046
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.3869
published_at 2026-06-08T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.38718
published_at 2026-06-07T12:55:00Z
2
value 0.00175
scoring_system epss
scoring_elements 0.38746
published_at 2026-06-06T12:55:00Z
3
value 0.00175
scoring_system epss
scoring_elements 0.38742
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30046
2
reference_url https://github.com/dotnet/announcements/issues/308
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/308
3
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
4
reference_url https://github.com/dotnet/aspnetcore/issues/55714
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/55714
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2279697
reference_id 2279697
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2279697
6
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046
reference_id CVE-2024-30046
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T16:43:57Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30046
reference_id CVE-2024-30046
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30046
8
reference_url https://github.com/advisories/GHSA-hhc7-x9w4-cw47
reference_id GHSA-hhc7-x9w4-cw47
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhc7-x9w4-cw47
9
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-hhc7-x9w4-cw47
reference_id GHSA-hhc7-x9w4-cw47
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-hhc7-x9w4-cw47
10
reference_url https://access.redhat.com/errata/RHSA-2024:2842
reference_id RHSA-2024:2842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2842
11
reference_url https://access.redhat.com/errata/RHSA-2024:2843
reference_id RHSA-2024:2843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2843
12
reference_url https://access.redhat.com/errata/RHSA-2024:3340
reference_id RHSA-2024:3340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3340
13
reference_url https://access.redhat.com/errata/RHSA-2024:3345
reference_id RHSA-2024:3345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3345
14
reference_url https://usn.ubuntu.com/6773-1/
reference_id USN-6773-1
reference_type
scores
url https://usn.ubuntu.com/6773-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.19
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.19
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.5
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@8.0.5
aliases CVE-2024-30046, GHSA-hhc7-x9w4-cw47
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g1fd-q1xg-wbcv
2
url VCID-j3bh-ygvh-cqfn
vulnerability_id VCID-j3bh-ygvh-cqfn
summary dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38013.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38013.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38013
reference_id
reference_type
scores
0
value 0.01487
scoring_system epss
scoring_elements 0.8139
published_at 2026-06-08T12:55:00Z
1
value 0.01487
scoring_system epss
scoring_elements 0.81397
published_at 2026-06-06T12:55:00Z
2
value 0.01487
scoring_system epss
scoring_elements 0.81395
published_at 2026-06-07T12:55:00Z
3
value 0.01487
scoring_system epss
scoring_elements 0.81367
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38013
2
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
3
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M
14
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:39:58Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-38013
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-38013
16
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2125124
reference_id 2125124
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2125124
18
reference_url https://github.com/advisories/GHSA-r8m2-4x37-6592
reference_id GHSA-r8m2-4x37-6592
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r8m2-4x37-6592
19
reference_url https://access.redhat.com/errata/RHSA-2022:6520
reference_id RHSA-2022:6520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6520
20
reference_url https://access.redhat.com/errata/RHSA-2022:6521
reference_id RHSA-2022:6521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6521
21
reference_url https://access.redhat.com/errata/RHSA-2022:6522
reference_id RHSA-2022:6522
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6522
22
reference_url https://access.redhat.com/errata/RHSA-2022:6523
reference_id RHSA-2022:6523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6523
23
reference_url https://access.redhat.com/errata/RHSA-2022:6539
reference_id RHSA-2022:6539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6539
24
reference_url https://usn.ubuntu.com/5609-1/
reference_id USN-5609-1
reference_type
scores
url https://usn.ubuntu.com/5609-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.9
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-as33-d56d-fqek
1
vulnerability VCID-g1fd-q1xg-wbcv
2
vulnerability VCID-va1v-dc3f-pbfp
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.9
aliases CVE-2022-38013, GHSA-r8m2-4x37-6592
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3bh-ygvh-cqfn
3
url VCID-va1v-dc3f-pbfp
vulnerability_id VCID-va1v-dc3f-pbfp
summary 
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33170.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33170.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33170
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47455
published_at 2026-06-08T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47485
published_at 2026-06-07T12:55:00Z
2
value 0.0024
scoring_system epss
scoring_elements 0.47503
published_at 2026-06-06T12:55:00Z
3
value 0.0024
scoring_system epss
scoring_elements 0.475
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33170
2
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
3
reference_url https://github.com/dotnet/aspnetcore/issues/49334
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/49334
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2221854
reference_id 2221854
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2221854
13
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170
reference_id CVE-2023-33170
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-03T16:24:03Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33170
reference_id CVE-2023-33170
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33170
15
reference_url https://github.com/advisories/GHSA-25c8-p796-jg6r
reference_id GHSA-25c8-p796-jg6r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-25c8-p796-jg6r
16
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-25c8-p796-jg6r
reference_id GHSA-25c8-p796-jg6r
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-25c8-p796-jg6r
17
reference_url https://access.redhat.com/errata/RHSA-2023:4057
reference_id RHSA-2023:4057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4057
18
reference_url https://access.redhat.com/errata/RHSA-2023:4058
reference_id RHSA-2023:4058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4058
19
reference_url https://access.redhat.com/errata/RHSA-2023:4059
reference_id RHSA-2023:4059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4059
20
reference_url https://access.redhat.com/errata/RHSA-2023:4060
reference_id RHSA-2023:4060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4060
21
reference_url https://access.redhat.com/errata/RHSA-2023:4061
reference_id RHSA-2023:4061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4061
22
reference_url https://access.redhat.com/errata/RHSA-2023:4448
reference_id RHSA-2023:4448
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4448
23
reference_url https://access.redhat.com/errata/RHSA-2023:4449
reference_id RHSA-2023:4449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4449
24
reference_url https://usn.ubuntu.com/6217-1/
reference_id USN-6217-1
reference_type
scores
url https://usn.ubuntu.com/6217-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.20
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-as33-d56d-fqek
1
vulnerability VCID-g1fd-q1xg-wbcv
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.20
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.9
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yt3-svsa-wugc
1
vulnerability VCID-as33-d56d-fqek
2
vulnerability VCID-g1fd-q1xg-wbcv
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@7.0.9
aliases CVE-2023-33170, GHSA-25c8-p796-jg6r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-va1v-dc3f-pbfp
Fixing_vulnerabilities
0
url VCID-35e6-fjfc-p3h1
vulnerability_id VCID-35e6-fjfc-p3h1
summary 
.NET Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.

## <a name="affected-software"></a>Affected software

* Any .NET 6.0 application running on .NET 6.0.7 or earlier.
* Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET.

### <a name=".NET Core 3.1"></a>.NET Core 3.1

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](http://system.security)| <=4.7.0| 4.7.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=3.1.0, 3.1.27| 3.1.28
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=3.1.0, 3.1.27| 3.1.28

### <a name=".NET 6"></a>.NET 6

Package name | Affected version | Patched version
------------ | ---------------- | -------------------------
[System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)| >=5.0.0, 6.0.0| 6.0.1
[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)| >=6.0.0, 6.0.7| 6.0.8
[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)| >=6.0.0, 6.0.7| 6.0.8

## Patches


* If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.


### Other

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/232
An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43166
MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34716.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-34716
reference_id
reference_type
scores
0
value 0.00762
scoring_system epss
scoring_elements 0.73739
published_at 2026-06-08T12:55:00Z
1
value 0.00762
scoring_system epss
scoring_elements 0.73756
published_at 2026-06-07T12:55:00Z
2
value 0.00762
scoring_system epss
scoring_elements 0.7377
published_at 2026-06-06T12:55:00Z
3
value 0.00762
scoring_system epss
scoring_elements 0.73729
published_at 2026-06-04T12:55:00Z
4
value 0.00762
scoring_system epss
scoring_elements 0.73765
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-34716
2
reference_url https://github.com/dotnet/announcements/issues/232
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/232
3
reference_url https://github.com/dotnet/aspnetcore/issues/43166
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/43166
4
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T20:04:18Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
6
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2115183
reference_id 2115183
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2115183
8
reference_url https://github.com/advisories/GHSA-vh55-786g-wjwj
reference_id GHSA-vh55-786g-wjwj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vh55-786g-wjwj
9
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
reference_id GHSA-vh55-786g-wjwj
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
10
reference_url https://access.redhat.com/errata/RHSA-2022:6037
reference_id RHSA-2022:6037
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6037
11
reference_url https://access.redhat.com/errata/RHSA-2022:6038
reference_id RHSA-2022:6038
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6038
12
reference_url https://access.redhat.com/errata/RHSA-2022:6043
reference_id RHSA-2022:6043
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6043
13
reference_url https://access.redhat.com/errata/RHSA-2022:6057
reference_id RHSA-2022:6057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6057
14
reference_url https://access.redhat.com/errata/RHSA-2022:6058
reference_id RHSA-2022:6058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6058
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.28
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-as33-d56d-fqek
1
vulnerability VCID-g1fd-q1xg-wbcv
2
vulnerability VCID-j3bh-ygvh-cqfn
3
vulnerability VCID-va1v-dc3f-pbfp
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.28
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-as33-d56d-fqek
1
vulnerability VCID-g1fd-q1xg-wbcv
2
vulnerability VCID-j3bh-ygvh-cqfn
3
vulnerability VCID-va1v-dc3f-pbfp
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8
aliases CVE-2022-34716, GHSA-vh55-786g-wjwj, GMS-2024-75, GMS-2024-76, GMS-2024-77, GMS-2024-78, GMS-2024-79, GMS-2024-80, GMS-2024-81, GMS-2024-82, GMS-2024-83, GMS-2024-84, GMS-2024-85, GMS-2024-86, GMS-2024-90
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35e6-fjfc-p3h1
1
url VCID-4r5z-ne8d-byea
vulnerability_id VCID-4r5z-ne8d-byea
summary 
Duplicate Advisory: .NET Information Disclosure Vulnerability
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-vh55-786g-wjwj. This link is maintained to preserve external references.

# Original Description
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0.  An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.

## Affected software

* Any .NET 6.0 application running on .NET 6.0.7 or earlier.
* Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.

## Patches

* If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.
references
0
reference_url https://github.com/dotnet/announcements/issues/232
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/232
1
reference_url https://github.com/dotnet/aspnetcore/issues/43166
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/43166
2
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-34716
4
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716
5
reference_url https://github.com/advisories/GHSA-2m65-m22p-9wjw
reference_id GHSA-2m65-m22p-9wjw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2m65-m22p-9wjw
6
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
reference_id GHSA-vh55-786g-wjwj
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.28
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-as33-d56d-fqek
1
vulnerability VCID-g1fd-q1xg-wbcv
2
vulnerability VCID-j3bh-ygvh-cqfn
3
vulnerability VCID-va1v-dc3f-pbfp
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@3.1.28
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-as33-d56d-fqek
1
vulnerability VCID-g1fd-q1xg-wbcv
2
vulnerability VCID-j3bh-ygvh-cqfn
3
vulnerability VCID-va1v-dc3f-pbfp
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8
aliases GHSA-2m65-m22p-9wjw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4r5z-ne8d-byea
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm@6.0.8