Search for packages
| purl | pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.0.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-cju3-5hjk-h3d3
Aliases: CVE-2025-55315 GHSA-5rrx-jjjq-q2r5 |
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. |
Affected by 0 other vulnerabilities. |
|
VCID-ct2x-rftj-tydp
Aliases: GHSA-cgpw-2gph-2r9g GMS-2018-36 GMS-2018-38 GMS-2018-44 |
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack. The update addresses the vulnerability by correcting how ASP.NET Core handles such requests. |
Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-nx74-pj4e-4fde
Aliases: CVE-2021-1723 GHSA-242j-2gm6-5rwx |
ASP.NET Core and Visual Studio Denial of Service Vulnerability A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade. |
Affected by 1 other vulnerability. |
|
VCID-r262-q86s-pue7
Aliases: CVE-2018-0787 GHSA-365p-96qv-xr7g |
Weak Password Recovery Mechanism for Forgotten Password ASP.NET Core allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". |
Affected by 4 other vulnerabilities. |
|
VCID-vyrd-u846-8kdu
Aliases: GHSA-3m2r-q8x3-xmf7 GMS-2018-37 GMS-2018-39 GMS-2018-40 GMS-2018-43 |
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv Microsoft made an internal discovery of a security vulnerability in version 2.x of ASP.NET Core where a specially crafted request can cause excess resource consumption in Kestrel. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||