Vulnerabilities affecting this package (1)
| Vulnerability |
Summary |
Fixed by |
VCID-mkvc-qau4-tqcd
Aliases:
CVE-2021-31957
GHSA-mcwm-2wmc-6hv4
|
# Withdrawn
This advisory was initially published and mapped incorrectly to nuget `Microsoft.NETCore.App.Ref`. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package. Thus we have withdrawn this advisory.
The underlying ASP.NET Core Denial of Service Vulnerability and CVE-2021-31957 remain legitimate.
# Description.
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial of service vulnerability exists when ASP.NET Core improperly handles client disconnect. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
### Patches
* If you're using .NET 5.0, you should download and install Runtime 5.0.7 or SDK 5.0.204 (for Visual Studio 2019 v16.8) or SDK 5.0.301 (for Visual Studio 2019 16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.16 or SDK 3.1.116 (for Visual Studio 2019 v16.4) or 3.1.410 (for Visual Studio 2019 v16.5 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1.
#### Other Details
- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/188
- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/33369
- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957
|
There are no reported fixed by versions.
|
Vulnerabilities fixed by this package (0)
| Vulnerability |
Summary |
Aliases |
|
This package is not known to fix vulnerabilities.
|