VulnerableCode Package Details - pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1gtv-nubh-73a9 Aliases: CVE-2019-0564 GHSA-6px8-22w5-w334	Microsoft Security Advisory CVE-2019-0564: ASP.NET Core Denial of Service Vulnerability	2.1.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cju3-5hjk-h3d3 Aliases: CVE-2025-55315 GHSA-5rrx-jjjq-q2r5	Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.	2.3.6 Affected by 0 other vulnerabilities.
VCID-ct2x-rftj-tydp Aliases: GHSA-cgpw-2gph-2r9g GMS-2018-36 GMS-2018-38 GMS-2018-44	Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack. The update addresses the vulnerability by correcting how ASP.NET Core handles such requests.	2.1.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nx74-pj4e-4fde Aliases: CVE-2021-1723 GHSA-242j-2gm6-5rwx	ASP.NET Core and Visual Studio Denial of Service Vulnerability A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.	2.1.25 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1gtv-nubh-73a9
Aliases:
CVE-2019-0564
GHSA-6px8-22w5-w334

Microsoft Security Advisory CVE-2019-0564: ASP.NET Core Denial of Service Vulnerability

2.1.7
Affected by 2 other vulnerabilities.

VCID-cju3-5hjk-h3d3
Aliases:
CVE-2025-55315
GHSA-5rrx-jjjq-q2r5

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

2.3.6
Affected by 0 other vulnerabilities.

VCID-ct2x-rftj-tydp
Aliases:
GHSA-cgpw-2gph-2r9g
GMS-2018-36
GMS-2018-38
GMS-2018-44

Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack. The update addresses the vulnerability by correcting how ASP.NET Core handles such requests.

2.1.2
Affected by 3 other vulnerabilities.

VCID-nx74-pj4e-4fde
Aliases:
CVE-2021-1723
GHSA-242j-2gm6-5rwx

ASP.NET Core and Visual Studio Denial of Service Vulnerability A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.

2.1.25
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:47:58.963759+00:00	GitLab Importer	Affected by	VCID-cju3-5hjk-h3d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2025-55315.yml	38.4.0
2026-04-16T21:59:44.204987+00:00	GitLab Importer	Affected by	VCID-nx74-pj4e-4fde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2021-1723.yml	38.4.0
2026-04-16T21:51:04.981150+00:00	GitLab Importer	Affected by	VCID-1gtv-nubh-73a9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2019-0564.yml	38.4.0
2026-04-16T20:48:40.632605+00:00	GitLab Importer	Affected by	VCID-ct2x-rftj-tydp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/GMS-2018-38.yml	38.4.0
2026-04-12T01:09:15.877828+00:00	GitLab Importer	Affected by	VCID-cju3-5hjk-h3d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2025-55315.yml	38.3.0
2026-04-11T23:15:18.444607+00:00	GitLab Importer	Affected by	VCID-nx74-pj4e-4fde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2021-1723.yml	38.3.0
2026-04-11T23:07:11.470964+00:00	GitLab Importer	Affected by	VCID-1gtv-nubh-73a9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2019-0564.yml	38.3.0
2026-04-11T21:59:35.883705+00:00	GitLab Importer	Affected by	VCID-ct2x-rftj-tydp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/GMS-2018-38.yml	38.3.0
2026-04-03T01:17:58.357768+00:00	GitLab Importer	Affected by	VCID-cju3-5hjk-h3d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2025-55315.yml	38.1.0
2026-04-02T23:23:12.562403+00:00	GitLab Importer	Affected by	VCID-nx74-pj4e-4fde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2021-1723.yml	38.1.0
2026-04-02T23:15:22.178281+00:00	GitLab Importer	Affected by	VCID-1gtv-nubh-73a9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2019-0564.yml	38.1.0
2026-04-02T22:12:47.789851+00:00	GitLab Importer	Affected by	VCID-ct2x-rftj-tydp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/GMS-2018-38.yml	38.1.0
2026-04-01T17:44:15.964111+00:00	GitLab Importer	Affected by	VCID-nx74-pj4e-4fde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2021-1723.yml	38.0.0
2026-04-01T17:35:23.497839+00:00	GitLab Importer	Affected by	VCID-1gtv-nubh-73a9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2019-0564.yml	38.0.0
2026-04-01T16:30:11.041135+00:00	GitLab Importer	Affected by	VCID-ct2x-rftj-tydp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/GMS-2018-38.yml	38.0.0
2026-04-01T12:38:29.496141+00:00	RetireDotNet Importer	Affected by	VCID-1gtv-nubh-73a9	https://github.com/RetireNet/Packages/blob/master/Content/12.json	38.0.0