Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.25
Typenuget
Namespace
NameMicrosoft.AspNetCore.Server.Kestrel.Core
Version2.1.25
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.3.6
Latest_non_vulnerable_version2.3.6
Affected_by_vulnerabilities
0
url VCID-cju3-5hjk-h3d3
vulnerability_id VCID-cju3-5hjk-h3d3
summary 
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55315.json
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55315.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55315
reference_id
reference_type
scores
0
value 0.00205
scoring_system epss
scoring_elements 0.42645
published_at 2026-04-02T12:55:00Z
1
value 0.00205
scoring_system epss
scoring_elements 0.42672
published_at 2026-04-04T12:55:00Z
2
value 0.01104
scoring_system epss
scoring_elements 0.78068
published_at 2026-04-08T12:55:00Z
3
value 0.01104
scoring_system epss
scoring_elements 0.78042
published_at 2026-04-07T12:55:00Z
4
value 0.01284
scoring_system epss
scoring_elements 0.79633
published_at 2026-04-11T12:55:00Z
5
value 0.01284
scoring_system epss
scoring_elements 0.79612
published_at 2026-04-09T12:55:00Z
6
value 0.01284
scoring_system epss
scoring_elements 0.79639
published_at 2026-04-18T12:55:00Z
7
value 0.01284
scoring_system epss
scoring_elements 0.79609
published_at 2026-04-13T12:55:00Z
8
value 0.01284
scoring_system epss
scoring_elements 0.7964
published_at 2026-04-16T12:55:00Z
9
value 0.01284
scoring_system epss
scoring_elements 0.79617
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55315
2
reference_url https://github.com/dotnet/announcements/issues/371
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/371
3
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403085
reference_id 2403085
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403085
5
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52492.py
reference_id CVE-2025-55315
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52492.py
6
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315
reference_id CVE-2025-55315
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-28T12:57:54Z/
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55315
reference_id CVE-2025-55315
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55315
8
reference_url https://github.com/advisories/GHSA-5rrx-jjjq-q2r5
reference_id GHSA-5rrx-jjjq-q2r5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5rrx-jjjq-q2r5
9
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5
reference_id GHSA-5rrx-jjjq-q2r5
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5
10
reference_url https://access.redhat.com/errata/RHSA-2025:18148
reference_id RHSA-2025:18148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18148
11
reference_url https://access.redhat.com/errata/RHSA-2025:18149
reference_id RHSA-2025:18149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18149
12
reference_url https://access.redhat.com/errata/RHSA-2025:18150
reference_id RHSA-2025:18150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18150
13
reference_url https://access.redhat.com/errata/RHSA-2025:18151
reference_id RHSA-2025:18151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18151
14
reference_url https://access.redhat.com/errata/RHSA-2025:18152
reference_id RHSA-2025:18152
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18152
15
reference_url https://access.redhat.com/errata/RHSA-2025:18153
reference_id RHSA-2025:18153
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18153
16
reference_url https://access.redhat.com/errata/RHSA-2025:18256
reference_id RHSA-2025:18256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18256
17
reference_url https://access.redhat.com/errata/RHSA-2025:23225
reference_id RHSA-2025:23225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23225
18
reference_url https://usn.ubuntu.com/7822-1/
reference_id USN-7822-1
reference_type
scores
url https://usn.ubuntu.com/7822-1/
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.6
purl pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.6
aliases CVE-2025-55315, GHSA-5rrx-jjjq-q2r5
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cju3-5hjk-h3d3
Fixing_vulnerabilities
0
url VCID-nx74-pj4e-4fde
vulnerability_id VCID-nx74-pj4e-4fde
summary 
ASP.NET Core and Visual Studio Denial of Service Vulnerability
A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1723.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1723.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-1723
reference_id
reference_type
scores
0
value 0.04579
scoring_system epss
scoring_elements 0.89229
published_at 2026-04-18T12:55:00Z
1
value 0.04579
scoring_system epss
scoring_elements 0.89169
published_at 2026-04-01T12:55:00Z
2
value 0.04579
scoring_system epss
scoring_elements 0.89175
published_at 2026-04-02T12:55:00Z
3
value 0.04579
scoring_system epss
scoring_elements 0.89189
published_at 2026-04-04T12:55:00Z
4
value 0.04579
scoring_system epss
scoring_elements 0.89192
published_at 2026-04-07T12:55:00Z
5
value 0.04579
scoring_system epss
scoring_elements 0.8921
published_at 2026-04-08T12:55:00Z
6
value 0.04579
scoring_system epss
scoring_elements 0.89214
published_at 2026-04-09T12:55:00Z
7
value 0.04579
scoring_system epss
scoring_elements 0.89224
published_at 2026-04-11T12:55:00Z
8
value 0.04579
scoring_system epss
scoring_elements 0.8922
published_at 2026-04-12T12:55:00Z
9
value 0.04579
scoring_system epss
scoring_elements 0.89217
published_at 2026-04-13T12:55:00Z
10
value 0.04579
scoring_system epss
scoring_elements 0.8923
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-1723
2
reference_url https://github.com/dotnet/announcements/issues/170
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/announcements/issues/170
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW
5
reference_url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-1723
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-1723
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1914258
reference_id 1914258
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1914258
8
reference_url https://security.archlinux.org/ASA-202103-16
reference_id ASA-202103-16
reference_type
scores
url https://security.archlinux.org/ASA-202103-16
9
reference_url https://security.archlinux.org/ASA-202103-17
reference_id ASA-202103-17
reference_type
scores
url https://security.archlinux.org/ASA-202103-17
10
reference_url https://security.archlinux.org/AVG-1449
reference_id AVG-1449
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1449
11
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723
reference_id CVE-2021-1723
reference_type
scores
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1723
12
reference_url https://github.com/advisories/GHSA-242j-2gm6-5rwx
reference_id GHSA-242j-2gm6-5rwx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-242j-2gm6-5rwx
13
reference_url https://access.redhat.com/errata/RHSA-2021:0094
reference_id RHSA-2021:0094
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0094
14
reference_url https://access.redhat.com/errata/RHSA-2021:0095
reference_id RHSA-2021:0095
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0095
15
reference_url https://access.redhat.com/errata/RHSA-2021:0096
reference_id RHSA-2021:0096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0096
16
reference_url https://access.redhat.com/errata/RHSA-2021:0114
reference_id RHSA-2021:0114
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0114
fixed_packages
0
url pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.25
purl pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cju3-5hjk-h3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.25
aliases CVE-2021-1723, GHSA-242j-2gm6-5rwx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nx74-pj4e-4fde
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.25