Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-d4mn-hm9u-3qbk

Summary

Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core
Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack.

The update addresses the vulnerability by correcting how ASP.NET Core handles such requests.

Aliases

alias	GHSA-cgpw-2gph-2r9g

alias	GMS-2018-36

alias	GMS-2018-38

alias	GMS-2018-44

Fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.All@2.0.9
purl	pkg:nuget/Microsoft.AspNetCore.All@2.0.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.9

url pkg:nuget/Microsoft.AspNetCore.All@2.1.2

purl pkg:nuget/Microsoft.AspNetCore.All@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh7-wm35-3kb2

vulnerability	VCID-v6vu-9ybt-tqbc

vulnerability	VCID-w8qv-heb5-87fd

vulnerability	VCID-xgtm-9d66-rugc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.2

url pkg:nuget/Microsoft.AspNetCore.App@2.1.2

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh7-wm35-3kb2

vulnerability	VCID-v6vu-9ybt-tqbc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.2

url	pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.0.4
purl	pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.0.4

url pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.2

purl pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6vu-9ybt-tqbc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.2

Affected_packages

url pkg:nuget/Microsoft.AspNetCore.All@2.0.0

purl pkg:nuget/Microsoft.AspNetCore.All@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ur7-5ks2-7qcp

vulnerability	VCID-29gq-c3xj-q7h7

vulnerability	VCID-8g89-1cr9-gbc6

vulnerability	VCID-bn5n-p8fz-ebb5

vulnerability	VCID-d4mn-hm9u-3qbk

vulnerability	VCID-dqj9-4t8f-eyhs

vulnerability	VCID-ju3g-r5sj-4ueq

vulnerability	VCID-pvuk-47gw-kfa5

vulnerability	VCID-q249-gkbg-b3bs

vulnerability	VCID-tbhf-u22y-cfa1

vulnerability	VCID-zrsj-apsr-wqh1

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.0

url pkg:nuget/Microsoft.AspNetCore.All@2.1.0

purl pkg:nuget/Microsoft.AspNetCore.All@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh7-wm35-3kb2

vulnerability	VCID-c94t-hevg-xych

vulnerability	VCID-d4mn-hm9u-3qbk

vulnerability	VCID-dq9y-u457-6uhc

vulnerability	VCID-dw22-bazh-4qa9

vulnerability	VCID-kv27-b4ve-d3ax

vulnerability	VCID-v6vu-9ybt-tqbc

vulnerability	VCID-vrkf-8nhe-7uc6

vulnerability	VCID-w8qv-heb5-87fd

vulnerability	VCID-xgtm-9d66-rugc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.0

url pkg:nuget/Microsoft.AspNetCore.App@2.1.0

purl pkg:nuget/Microsoft.AspNetCore.App@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh7-wm35-3kb2

vulnerability	VCID-d4mn-hm9u-3qbk

vulnerability	VCID-v6vu-9ybt-tqbc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App@2.1.0

url pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.0.0

purl pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ur7-5ks2-7qcp

vulnerability	VCID-d4mn-hm9u-3qbk

vulnerability	VCID-dqj9-4t8f-eyhs

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.0.0

url pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.0

purl pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d4mn-hm9u-3qbk

vulnerability	VCID-v6vu-9ybt-tqbc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.0

References

reference_url	https://github.com/aspnet/Announcements/issues/311
reference_id
reference_type
scores
url	https://github.com/aspnet/Announcements/issues/311

reference_url	https://github.com/advisories/GHSA-cgpw-2gph-2r9g
reference_id	GHSA-cgpw-2gph-2r9g
reference_type
scores
url	https://github.com/advisories/GHSA-cgpw-2gph-2r9g

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4mn-hm9u-3qbk

Vulnerability Instance