VulnerableCode Package Details - pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.1.7

Search for packages

Vulnerability	Summary	Fixed by
VCID-cju3-5hjk-h3d3 Aliases: CVE-2025-55315 GHSA-5rrx-jjjq-q2r5	Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.	2.3.6 Affected by 0 other vulnerabilities.
VCID-nx74-pj4e-4fde Aliases: CVE-2021-1723 GHSA-242j-2gm6-5rwx	ASP.NET Core and Visual Studio Denial of Service Vulnerability A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.	2.1.25 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-cju3-5hjk-h3d3
Aliases:
CVE-2025-55315
GHSA-5rrx-jjjq-q2r5

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

2.3.6
Affected by 0 other vulnerabilities.

VCID-nx74-pj4e-4fde
Aliases:
CVE-2021-1723
GHSA-242j-2gm6-5rwx

ASP.NET Core and Visual Studio Denial of Service Vulnerability A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.

2.1.25
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-1gtv-nubh-73a9	Microsoft Security Advisory CVE-2019-0564: ASP.NET Core Denial of Service Vulnerability	CVE-2019-0564 GHSA-6px8-22w5-w334

Vulnerability

Summary

Aliases

VCID-1gtv-nubh-73a9

Microsoft Security Advisory CVE-2019-0564: ASP.NET Core Denial of Service Vulnerability

CVE-2019-0564
GHSA-6px8-22w5-w334

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:47:58.974120+00:00	GitLab Importer	Affected by	VCID-cju3-5hjk-h3d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2025-55315.yml	38.4.0
2026-04-16T21:59:44.215154+00:00	GitLab Importer	Affected by	VCID-nx74-pj4e-4fde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2021-1723.yml	38.4.0
2026-04-16T21:51:04.991986+00:00	GitLab Importer	Fixing	VCID-1gtv-nubh-73a9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2019-0564.yml	38.4.0
2026-04-12T01:09:15.888220+00:00	GitLab Importer	Affected by	VCID-cju3-5hjk-h3d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2025-55315.yml	38.3.0
2026-04-11T23:15:18.456065+00:00	GitLab Importer	Affected by	VCID-nx74-pj4e-4fde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2021-1723.yml	38.3.0
2026-04-11T23:07:11.475751+00:00	GitLab Importer	Fixing	VCID-1gtv-nubh-73a9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2019-0564.yml	38.3.0
2026-04-04T14:30:35.287126+00:00	GHSA Importer	Fixing	VCID-1gtv-nubh-73a9	https://github.com/advisories/GHSA-6px8-22w5-w334	38.1.0
2026-04-03T01:17:58.368794+00:00	GitLab Importer	Affected by	VCID-cju3-5hjk-h3d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2025-55315.yml	38.1.0
2026-04-02T23:23:12.572210+00:00	GitLab Importer	Affected by	VCID-nx74-pj4e-4fde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2021-1723.yml	38.1.0
2026-04-02T23:15:22.188517+00:00	GitLab Importer	Fixing	VCID-1gtv-nubh-73a9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2019-0564.yml	38.1.0
2026-04-01T17:44:15.968698+00:00	GitLab Importer	Affected by	VCID-nx74-pj4e-4fde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2021-1723.yml	38.0.0
2026-04-01T13:07:59.195024+00:00	GithubOSV Importer	Fixing	VCID-1gtv-nubh-73a9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6px8-22w5-w334/GHSA-6px8-22w5-w334.json	38.0.0
2026-04-01T12:50:32.727648+00:00	GitLab Importer	Fixing	VCID-1gtv-nubh-73a9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Server.Kestrel.Core/CVE-2019-0564.yml	38.0.0
2026-04-01T12:38:29.491285+00:00	RetireDotNet Importer	Fixing	VCID-1gtv-nubh-73a9	https://github.com/RetireNet/Packages/blob/master/Content/12.json	38.0.0