Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.0
Typenuget
Namespace
NameMicrosoft.AspNetCore.App.Runtime.win-x86
Version8.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-41ej-wew7-1feb
vulnerability_id VCID-41ej-wew7-1feb
summary 
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in  .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free.

Note: HTTP/3 is experimental in .NET 6.0. If you are on .NET 6.0 and using HTTP/3, please upgrade to .NET 8.0.10. .NET 6.0 will not receive a security patch for this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38229.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38229.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38229
reference_id
reference_type
scores
0
value 0.00968
scoring_system epss
scoring_elements 0.76971
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38229
2
reference_url https://github.com/dotnet/announcements/issues/326
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/326
3
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
4
reference_url https://github.com/dotnet/aspnetcore/issues/58297
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/58297
5
reference_url https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-8.0#configure-http-protocols-in-appsettingsjson
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-8.0#configure-http-protocols-in-appsettingsjson
6
reference_url https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/http3?view=aspnetcore-8.0#getting-started
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/http3?view=aspnetcore-8.0#getting-started
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2316161
reference_id 2316161
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2316161
8
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229
reference_id CVE-2024-38229
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T18:55:00Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38229
reference_id CVE-2024-38229
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38229
10
reference_url https://www.herodevs.com/vulnerability-directory/cve-2024-38229
reference_id CVE-2024-38229
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.herodevs.com/vulnerability-directory/cve-2024-38229
11
reference_url https://github.com/advisories/GHSA-7vw9-cfwx-9gx9
reference_id GHSA-7vw9-cfwx-9gx9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7vw9-cfwx-9gx9
12
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-7vw9-cfwx-9gx9
reference_id GHSA-7vw9-cfwx-9gx9
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-7vw9-cfwx-9gx9
13
reference_url https://access.redhat.com/errata/RHSA-2024:7868
reference_id RHSA-2024:7868
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7868
14
reference_url https://access.redhat.com/errata/RHSA-2024:7869
reference_id RHSA-2024:7869
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7869
15
reference_url https://usn.ubuntu.com/7058-1/
reference_id USN-7058-1
reference_type
scores
url https://usn.ubuntu.com/7058-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.10
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.10
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.0-rc.2.24474.3
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.0-rc.2.24474.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.0-rc.2.24474.3
aliases CVE-2024-38229, GHSA-7vw9-cfwx-9gx9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41ej-wew7-1feb
1
url VCID-84nk-vtvj-abdd
vulnerability_id VCID-84nk-vtvj-abdd
summary 
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET when an attacker through unauthenticated requests may trigger a Denial of Service in ASP.NET HTTP.sys web server. This is a windows OS only vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38168.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38168.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38168
reference_id
reference_type
scores
0
value 0.02913
scoring_system epss
scoring_elements 0.86664
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38168
2
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302429
reference_id 2302429
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302429
4
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38168
reference_id CVE-2024-38168
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-15T14:23:57Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38168
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38168
reference_id CVE-2024-38168
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38168
6
reference_url https://github.com/advisories/GHSA-7qrv-8f9x-3h32
reference_id GHSA-7qrv-8f9x-3h32
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7qrv-8f9x-3h32
7
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-7qrv-8f9x-3h32
reference_id GHSA-7qrv-8f9x-3h32
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-7qrv-8f9x-3h32
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.8
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-41ej-wew7-1feb
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.8
aliases CVE-2024-38168, GHSA-7qrv-8f9x-3h32
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84nk-vtvj-abdd
2
url VCID-as33-d56d-fqek
vulnerability_id VCID-as33-d56d-fqek
summary 
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A vulnerability exists in ASP.NET applications using SignalR where a malicious client can result in a denial-of-service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21386
reference_id
reference_type
scores
0
value 0.02393
scoring_system epss
scoring_elements 0.85344
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21386
2
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2263085
reference_id 2263085
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2263085
4
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386
reference_id CVE-2024-21386
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T20:15:43Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21386
reference_id CVE-2024-21386
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21386
6
reference_url https://github.com/advisories/GHSA-g74q-5xw3-j7q9
reference_id GHSA-g74q-5xw3-j7q9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g74q-5xw3-j7q9
7
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9
reference_id GHSA-g74q-5xw3-j7q9
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9
8
reference_url https://access.redhat.com/errata/RHSA-2024:0805
reference_id RHSA-2024:0805
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0805
9
reference_url https://access.redhat.com/errata/RHSA-2024:0806
reference_id RHSA-2024:0806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0806
10
reference_url https://access.redhat.com/errata/RHSA-2024:0807
reference_id RHSA-2024:0807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0807
11
reference_url https://access.redhat.com/errata/RHSA-2024:0808
reference_id RHSA-2024:0808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0808
12
reference_url https://access.redhat.com/errata/RHSA-2024:0814
reference_id RHSA-2024:0814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0814
13
reference_url https://access.redhat.com/errata/RHSA-2024:0827
reference_id RHSA-2024:0827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0827
14
reference_url https://access.redhat.com/errata/RHSA-2024:0848
reference_id RHSA-2024:0848
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0848
15
reference_url https://access.redhat.com/errata/RHSA-2024:2843
reference_id RHSA-2024:2843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2843
16
reference_url https://access.redhat.com/errata/RHSA-2024:3340
reference_id RHSA-2024:3340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3340
17
reference_url https://usn.ubuntu.com/6634-1/
reference_id USN-6634-1
reference_type
scores
url https://usn.ubuntu.com/6634-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.2
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.2
aliases CVE-2024-21386, GHSA-g74q-5xw3-j7q9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as33-d56d-fqek
3
url VCID-bw8f-x5zs-tkde
vulnerability_id VCID-bw8f-x5zs-tkde
summary dotnet: .NET: infinite loop allows an attacker to cause a denial of service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42899.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42899.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42899
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11093
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42899
2
reference_url https://github.com/dotnet/announcements/issues/397
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/397
3
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
4
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-9v76-4qcc-frgh
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-9v76-4qcc-frgh
5
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-12T20:10:06Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42899
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42899
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42899
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2476605
reference_id 2476605
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2476605
8
reference_url https://github.com/advisories/GHSA-9v76-4qcc-frgh
reference_id GHSA-9v76-4qcc-frgh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9v76-4qcc-frgh
9
reference_url https://access.redhat.com/errata/RHSA-2026:17464
reference_id RHSA-2026:17464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17464
10
reference_url https://access.redhat.com/errata/RHSA-2026:17527
reference_id RHSA-2026:17527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17527
11
reference_url https://access.redhat.com/errata/RHSA-2026:17682
reference_id RHSA-2026:17682
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17682
12
reference_url https://access.redhat.com/errata/RHSA-2026:21286
reference_id RHSA-2026:21286
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21286
13
reference_url https://access.redhat.com/errata/RHSA-2026:21291
reference_id RHSA-2026:21291
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21291
14
reference_url https://access.redhat.com/errata/RHSA-2026:21293
reference_id RHSA-2026:21293
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21293
15
reference_url https://access.redhat.com/errata/RHSA-2026:21294
reference_id RHSA-2026:21294
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21294
16
reference_url https://access.redhat.com/errata/RHSA-2026:21295
reference_id RHSA-2026:21295
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21295
17
reference_url https://access.redhat.com/errata/RHSA-2026:21296
reference_id RHSA-2026:21296
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21296
18
reference_url https://access.redhat.com/errata/RHSA-2026:21297
reference_id RHSA-2026:21297
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21297
19
reference_url https://access.redhat.com/errata/RHSA-2026:21754
reference_id RHSA-2026:21754
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21754
20
reference_url https://access.redhat.com/errata/RHSA-2026:22145
reference_id RHSA-2026:22145
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:22145
21
reference_url https://usn.ubuntu.com/8298-1/
reference_id USN-8298-1
reference_type
scores
url https://usn.ubuntu.com/8298-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.27
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.27
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.27
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.16
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.16
2
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.8
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.8
aliases CVE-2026-42899, GHSA-9v76-4qcc-frgh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bw8f-x5zs-tkde
4
url VCID-g1fd-q1xg-wbcv
vulnerability_id VCID-g1fd-q1xg-wbcv
summary 
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A Vulnerability exist in Microsoft.AspNetCore.Server.Kestrel.Core.dll where a dead-lock can occur resulting in Denial of Service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30046.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30046.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30046
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38742
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30046
2
reference_url https://github.com/dotnet/announcements/issues/308
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/308
3
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
4
reference_url https://github.com/dotnet/aspnetcore/issues/55714
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/issues/55714
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2279697
reference_id 2279697
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2279697
6
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046
reference_id CVE-2024-30046
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T16:43:57Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30046
reference_id CVE-2024-30046
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30046
8
reference_url https://github.com/advisories/GHSA-hhc7-x9w4-cw47
reference_id GHSA-hhc7-x9w4-cw47
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhc7-x9w4-cw47
9
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-hhc7-x9w4-cw47
reference_id GHSA-hhc7-x9w4-cw47
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-hhc7-x9w4-cw47
10
reference_url https://access.redhat.com/errata/RHSA-2024:2842
reference_id RHSA-2024:2842
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2842
11
reference_url https://access.redhat.com/errata/RHSA-2024:2843
reference_id RHSA-2024:2843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2843
12
reference_url https://access.redhat.com/errata/RHSA-2024:3340
reference_id RHSA-2024:3340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3340
13
reference_url https://access.redhat.com/errata/RHSA-2024:3345
reference_id RHSA-2024:3345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3345
14
reference_url https://usn.ubuntu.com/6773-1/
reference_id USN-6773-1
reference_type
scores
url https://usn.ubuntu.com/6773-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.5
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.5
aliases CVE-2024-30046, GHSA-hhc7-x9w4-cw47
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g1fd-q1xg-wbcv
5
url VCID-g9mj-jjx1-f3h2
vulnerability_id VCID-g9mj-jjx1-f3h2
summary 
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in  .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A Vulnerability exists in ASP.NET Core 8 where Data Corruption in Kestrel HTTP/3 can result in remote code execution.

Note: HTTP/3 is experimental in .NET 6.0. If you are on .NET 6.0 and using HTTP/3, please upgrade to .NET 8.0.7
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35264.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35264.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35264
reference_id
reference_type
scores
0
value 0.04361
scoring_system epss
scoring_elements 0.89152
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35264
2
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295321
reference_id 2295321
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295321
4
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264
reference_id CVE-2024-35264
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-09T18:13:39Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35264
reference_id CVE-2024-35264
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35264
6
reference_url https://www.herodevs.com/vulnerability-directory/cve-2024-35264
reference_id CVE-2024-35264
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.herodevs.com/vulnerability-directory/cve-2024-35264
7
reference_url https://github.com/advisories/GHSA-chfc-9w6m-75rf
reference_id GHSA-chfc-9w6m-75rf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chfc-9w6m-75rf
8
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-chfc-9w6m-75rf
reference_id GHSA-chfc-9w6m-75rf
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-chfc-9w6m-75rf
9
reference_url https://access.redhat.com/errata/RHSA-2024:4450
reference_id RHSA-2024:4450
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4450
10
reference_url https://access.redhat.com/errata/RHSA-2024:4451
reference_id RHSA-2024:4451
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4451
11
reference_url https://usn.ubuntu.com/6889-1/
reference_id USN-6889-1
reference_type
scores
url https://usn.ubuntu.com/6889-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.7
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.7
aliases CVE-2024-35264, GHSA-chfc-9w6m-75rf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g9mj-jjx1-f3h2
6
url VCID-qyfs-eq91-qbbc
vulnerability_id VCID-qyfs-eq91-qbbc
summary 
.NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists in ASP.NET Core due to uncontrolled resource consumption. A specially crafted message to a SignalR server can exhaust an internal buffer and cause a Denial of Service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26130.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26130.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26130
reference_id
reference_type
scores
0
value 0.03634
scoring_system epss
scoring_elements 0.88063
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26130
2
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
3
reference_url https://www.cve.org/CVERecord?id=CVE-2026-26130
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cve.org/CVERecord?id=CVE-2026-26130
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446134
reference_id 2446134
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446134
5
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130
reference_id CVE-2026-26130
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T19:49:23Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26130
reference_id CVE-2026-26130
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26130
7
reference_url https://github.com/advisories/GHSA-4vgm-c2wm-63mw
reference_id GHSA-4vgm-c2wm-63mw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vgm-c2wm-63mw
8
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-4vgm-c2wm-63mw
reference_id GHSA-4vgm-c2wm-63mw
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-4vgm-c2wm-63mw
9
reference_url https://access.redhat.com/errata/RHSA-2026:10082
reference_id RHSA-2026:10082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10082
10
reference_url https://access.redhat.com/errata/RHSA-2026:10083
reference_id RHSA-2026:10083
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10083
11
reference_url https://access.redhat.com/errata/RHSA-2026:10084
reference_id RHSA-2026:10084
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10084
12
reference_url https://access.redhat.com/errata/RHSA-2026:10085
reference_id RHSA-2026:10085
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10085
13
reference_url https://access.redhat.com/errata/RHSA-2026:10091
reference_id RHSA-2026:10091
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10091
14
reference_url https://access.redhat.com/errata/RHSA-2026:4443
reference_id RHSA-2026:4443
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4443
15
reference_url https://access.redhat.com/errata/RHSA-2026:4445
reference_id RHSA-2026:4445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4445
16
reference_url https://access.redhat.com/errata/RHSA-2026:4450
reference_id RHSA-2026:4450
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4450
17
reference_url https://access.redhat.com/errata/RHSA-2026:4451
reference_id RHSA-2026:4451
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4451
18
reference_url https://access.redhat.com/errata/RHSA-2026:4453
reference_id RHSA-2026:4453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4453
19
reference_url https://access.redhat.com/errata/RHSA-2026:4454
reference_id RHSA-2026:4454
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4454
20
reference_url https://access.redhat.com/errata/RHSA-2026:4455
reference_id RHSA-2026:4455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4455
21
reference_url https://access.redhat.com/errata/RHSA-2026:4456
reference_id RHSA-2026:4456
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4456
22
reference_url https://access.redhat.com/errata/RHSA-2026:4458
reference_id RHSA-2026:4458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4458
23
reference_url https://usn.ubuntu.com/8085-1/
reference_id USN-8085-1
reference_type
scores
url https://usn.ubuntu.com/8085-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.25
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.25
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.14
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.14
2
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.4
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.4
aliases CVE-2026-26130, GHSA-4vgm-c2wm-63mw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyfs-eq91-qbbc
7
url VCID-tcw1-8hqu-fbbz
vulnerability_id VCID-tcw1-8hqu-fbbz
summary 
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55315.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55315.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55315
reference_id
reference_type
scores
0
value 0.01681
scoring_system epss
scoring_elements 0.82551
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55315
2
reference_url https://github.com/dotnet/announcements/issues/371
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/371
3
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403085
reference_id 2403085
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403085
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52492.py
reference_id CVE-2025-55315
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52492.py
6
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315
reference_id CVE-2025-55315
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-28T12:57:54Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55315
reference_id CVE-2025-55315
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55315
8
reference_url https://github.com/advisories/GHSA-5rrx-jjjq-q2r5
reference_id GHSA-5rrx-jjjq-q2r5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5rrx-jjjq-q2r5
9
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5
reference_id GHSA-5rrx-jjjq-q2r5
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5
10
reference_url https://access.redhat.com/errata/RHSA-2025:18148
reference_id RHSA-2025:18148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18148
11
reference_url https://access.redhat.com/errata/RHSA-2025:18149
reference_id RHSA-2025:18149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18149
12
reference_url https://access.redhat.com/errata/RHSA-2025:18150
reference_id RHSA-2025:18150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18150
13
reference_url https://access.redhat.com/errata/RHSA-2025:18151
reference_id RHSA-2025:18151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18151
14
reference_url https://access.redhat.com/errata/RHSA-2025:18152
reference_id RHSA-2025:18152
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18152
15
reference_url https://access.redhat.com/errata/RHSA-2025:18153
reference_id RHSA-2025:18153
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18153
16
reference_url https://access.redhat.com/errata/RHSA-2025:18256
reference_id RHSA-2025:18256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18256
17
reference_url https://access.redhat.com/errata/RHSA-2025:23225
reference_id RHSA-2025:23225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23225
18
reference_url https://access.redhat.com/errata/RHSA-2026:9080
reference_id RHSA-2026:9080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9080
19
reference_url https://access.redhat.com/errata/RHSA-2026:9205
reference_id RHSA-2026:9205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:9205
20
reference_url https://usn.ubuntu.com/7822-1/
reference_id USN-7822-1
reference_type
scores
url https://usn.ubuntu.com/7822-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.21
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.21
1
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.10
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.10
2
url pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.0-rc.2.25502.107
purl pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.0-rc.2.25502.107
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.0-rc.2.25502.107
aliases CVE-2025-55315, GHSA-5rrx-jjjq-q2r5
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcw1-8hqu-fbbz
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@8.0.0