{"url":"http://public2.vulnerablecode.io/api/packages/182347?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.2","type":"nuget","namespace":"","name":"Microsoft.AspNetCore.App.Runtime.linux-musl-arm","version":"5.0.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.27","latest_non_vulnerable_version":"10.0.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43104?format=json","vulnerability_id":"VCID-1zru-rfet-uqhy","summary":"dotnet: ASP.NET Denial of Service via FormPipeReader","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24464.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24464","reference_id":"","reference_type":"","scores":[{"value":"0.0064","scoring_system":"epss","scoring_elements":"0.70881","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24464"},{"reference_url":"https://github.com/dotnet/announcements/issues/212","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/announcements/issues/212"},{"reference_url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-cw98-9j8w-wxv9"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-27T14:00:22Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24464","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24464"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24464"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2061847","reference_id":"2061847","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2061847"},{"reference_url":"https://github.com/advisories/GHSA-cw98-9j8w-wxv9","reference_id":"GHSA-cw98-9j8w-wxv9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cw98-9j8w-wxv9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0826","reference_id":"RHSA-2022:0826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0827","reference_id":"RHSA-2022:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0828","reference_id":"RHSA-2022:0828","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0829","reference_id":"RHSA-2022:0829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0830","reference_id":"RHSA-2022:0830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0832","reference_id":"RHSA-2022:0832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0832"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84575?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nbt-rxr7-pydu"},{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"},{"vulnerability":"VCID-jqfj-cvm7-9bcg"},{"vulnerability":"VCID-sy4j-sueh-wyen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/84586?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nbt-rxr7-pydu"},{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-bm85-a4e3-e3gu"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"},{"vulnerability":"VCID-jqfj-cvm7-9bcg"},{"vulnerability":"VCID-sy4j-sueh-wyen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.3"}],"aliases":["CVE-2022-24464","GHSA-cw98-9j8w-wxv9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zru-rfet-uqhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42399?format=json","vulnerability_id":"VCID-4nbt-rxr7-pydu","summary":"dotnet: malicious content causes high CPU and memory usage","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29117.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29117.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29117","reference_id":"","reference_type":"","scores":[{"value":"0.01387","scoring_system":"epss","scoring_elements":"0.80642","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29117"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dotnet/aspnetcore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore"},{"reference_url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-3rq8-h3gj-r5c6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY/"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:34:50Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29117"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29117","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29117"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083647","reference_id":"2083647","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083647"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117","reference_id":"CVE-2022-29117","reference_type":"","scores":[],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29117"},{"reference_url":"https://github.com/advisories/GHSA-3rq8-h3gj-r5c6","reference_id":"GHSA-3rq8-h3gj-r5c6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rq8-h3gj-r5c6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2194","reference_id":"RHSA-2022:2194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2195","reference_id":"RHSA-2022:2195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2196","reference_id":"RHSA-2022:2196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2199","reference_id":"RHSA-2022:2199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2200","reference_id":"RHSA-2022:2200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2202","reference_id":"RHSA-2022:2202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4588","reference_id":"RHSA-2022:4588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4588"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84434?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/84437?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-bm85-a4e3-e3gu"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.5"}],"aliases":["CVE-2022-29117","GHSA-3rq8-h3gj-r5c6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nbt-rxr7-pydu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41258?format=json","vulnerability_id":"VCID-7mbn-zdp2-23b9","summary":"dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38013.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38013","reference_id":"","reference_type":"","scores":[{"value":"0.01487","scoring_system":"epss","scoring_elements":"0.81337","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38013"},{"reference_url":"https://github.com/dotnet/aspnetcore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore"},{"reference_url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-r8m2-4x37-6592"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7HCV4TQGOTOFHO5ETRKGFKAGYV2YAUVE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JA6F4CDKLI3MALV6UK3P2DR5AGCLTT7Y"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4K5YL7USOKIR3O2DUKBZMYPWXYPDKXG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL334CKOHA6BQQSYJW365HIWJ4IOE45M"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:39:58Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38013"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38013","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38013"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2125124","reference_id":"2125124","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2125124"},{"reference_url":"https://github.com/advisories/GHSA-r8m2-4x37-6592","reference_id":"GHSA-r8m2-4x37-6592","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r8m2-4x37-6592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6520","reference_id":"RHSA-2022:6520","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6521","reference_id":"RHSA-2022:6521","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6522","reference_id":"RHSA-2022:6522","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6522"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6523","reference_id":"RHSA-2022:6523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6539","reference_id":"RHSA-2022:6539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6539"},{"reference_url":"https://usn.ubuntu.com/5609-1/","reference_id":"USN-5609-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5609-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85458?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.9"}],"aliases":["CVE-2022-38013","GHSA-r8m2-4x37-6592"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mbn-zdp2-23b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38038?format=json","vulnerability_id":"VCID-cs2k-6wme-wygn","summary":"dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33170.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33170","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47412","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33170"},{"reference_url":"https://github.com/dotnet/aspnetcore","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore"},{"reference_url":"https://github.com/dotnet/aspnetcore/issues/49334","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/issues/49334"},{"reference_url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-25c8-p796-jg6r","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-25c8-p796-jg6r"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-03T16:24:03Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33170","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33170"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221854","reference_id":"2221854","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221854"},{"reference_url":"https://github.com/advisories/GHSA-25c8-p796-jg6r","reference_id":"GHSA-25c8-p796-jg6r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-25c8-p796-jg6r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4057","reference_id":"RHSA-2023:4057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4058","reference_id":"RHSA-2023:4058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4059","reference_id":"RHSA-2023:4059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4060","reference_id":"RHSA-2023:4060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4061","reference_id":"RHSA-2023:4061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4448","reference_id":"RHSA-2023:4448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4449","reference_id":"RHSA-2023:4449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4449"},{"reference_url":"https://usn.ubuntu.com/6217-1/","reference_id":"USN-6217-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6217-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71420?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-en2z-p5te-ybch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/71438?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@7.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-en2z-p5te-ybch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@7.0.9"}],"aliases":["CVE-2023-33170","GHSA-25c8-p796-jg6r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cs2k-6wme-wygn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10092?format=json","vulnerability_id":"VCID-en2z-p5te-ybch","summary":"# Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.\n\nA vulnerability exists in ASP.NET applications using SignalR where a malicious client can result in a denial-of-service.\n\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/295\n\n### Mitigation factors\n\nMicrosoft has not identified any mitigating factors for this vulnerability.\n\n## Affected software\n\n* Any .NET 6.0 application running on .NET 6.0.26 or earlier.\n* Any .NET 7.0 application running on .NET 7.0.15 or earlier.\n* Any .NET 8.0 application running on .NET 8.0.1 or earlier.\n\n## Affected Packages\nThe vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below\n\n### ASP.NET 6.0\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)               |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)           |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)     |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)     |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)               |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)               |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)                   |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)                   |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)               |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)                   |  <= 6.0.26 | 6.0.27\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)                   |  <= 6.0.26 | 6.0.27\n\n\n\n### ASP.NET 7.0\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)               |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)           |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)     |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)     |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)               |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)               |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)                   |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)                   |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)               |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)                   |  <= 7.0.15 | 7.0.16\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)                   |  <= 7.0.15 | 7.0.16\n\n### ASP.NET 8.0\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)               |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)           |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)     |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)     |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)               |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)               |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)                   |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)                   |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)               |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)                   |  <= 8.0.1 | 8.0.2\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)                   |  <= 8.0.1 | 8.0.2\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf you have a runtime or SDK with a version listed, or an affected package listed in [affected software](#affected-software) or [affected packages](#affected-packages) , you're exposed to the vulnerability.\n\n### How do I fix the issue?\n\n* To fix the issue please install the latest version of .NET 8.0 or .NET 7.0 or .NET 6.0. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET  SDKs.\n* If you have .NET 6.0 or greater installed, you can list the versions you have installed by running the `dotnet --info` command. You will see output like the following;\n\n```\n.NET Core SDK (reflecting any global.json):\n\n Version:   6.0.200\n Commit:    8473146e7d\n\nRuntime Environment:\n\n OS Name:     Windows\n OS Version:  10.0.18363\n OS Platform: Windows\n RID:         win10-x64\n Base Path:   C:\\Program Files\\dotnet\\sdk\\6.0.300\\\n\nHost (useful for support):\n\n  Version: 6.0.5\n  Commit:  8473146e7d\n\n.NET Core SDKs installed:\n\n  6.0.200 [C:\\Program Files\\dotnet\\sdk]\n\n.NET Core runtimes installed:\n\n  Microsoft.AspNetCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.AspNetCore.App]\n  Microsoft.NETCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.NETCore.App]\n  Microsoft.WindowsDesktop.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.WindowsDesktop.App]\n\nTo install additional .NET Core runtimes or SDKs:\n  https://aka.ms/dotnet-download\n```\n\n* If you're using .NET 8.0, you should download and install .NET 8.0.2  Runtime or .NET 8.0.102 SDK (for Visual Studio 2022 v17.8) from https://dotnet.microsoft.com/download/dotnet-core/8.0.\n* If you're using .NET 7.0, you should download and install Runtime 7.0.16 or SDK 7.0.116 (for Visual Studio 2022 v17.4) from https://dotnet.microsoft.com/download/dotnet-core/7.0.\n* If you're using .NET 6.0, you should download and install Runtime 6.0.27 or SDK 6.0.419 from https://dotnet.microsoft.com/download/dotnet-core/6.0.\n\n.NET 6.0, .NET 7.0 and, .NET 8.0 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.\n\nOnce you have installed the updated runtime or SDK, restart your apps for the update to take effect.\n\nAdditionally, if you've deployed [self-contained applications](https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in .NET 8.0 or .NET 7.0 or .NET 6.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at <https://aka.ms/corebounty>.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/aspnet/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2024-21386]( https://www.cve.org/CVERecord?id=CVE-2024-21386)\n\n### Revisions\n\nV1.0 (February 13, 2024): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2024-02-13_","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21386","reference_id":"","reference_type":"","scores":[{"value":"0.02393","scoring_system":"epss","scoring_elements":"0.85288","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21386"},{"reference_url":"https://github.com/dotnet/aspnetcore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore"},{"reference_url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T20:15:43Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21386","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21386"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263085","reference_id":"2263085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263085"},{"reference_url":"https://github.com/advisories/GHSA-g74q-5xw3-j7q9","reference_id":"GHSA-g74q-5xw3-j7q9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g74q-5xw3-j7q9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0805","reference_id":"RHSA-2024:0805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0806","reference_id":"RHSA-2024:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0807","reference_id":"RHSA-2024:0807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0808","reference_id":"RHSA-2024:0808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0814","reference_id":"RHSA-2024:0814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0827","reference_id":"RHSA-2024:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0848","reference_id":"RHSA-2024:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2843","reference_id":"RHSA-2024:2843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3340","reference_id":"RHSA-2024:3340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3340"},{"reference_url":"https://usn.ubuntu.com/6634-1/","reference_id":"USN-6634-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6634-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25863?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.27"},{"url":"http://public2.vulnerablecode.io/api/packages/25881?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@7.0.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@7.0.16"},{"url":"http://public2.vulnerablecode.io/api/packages/25898?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@8.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ru54-746t-e3gc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@8.0.2"}],"aliases":["CVE-2024-21386","GHSA-g74q-5xw3-j7q9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-en2z-p5te-ybch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43405?format=json","vulnerability_id":"VCID-ja9e-8y45-bfau","summary":"dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21986.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21986.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21986","reference_id":"","reference_type":"","scores":[{"value":"0.017","scoring_system":"epss","scoring_elements":"0.826","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21986"},{"reference_url":"https://github.com/dotnet/announcements/issues/207","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/announcements/issues/207"},{"reference_url":"https://github.com/dotnet/aspnetcore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore"},{"reference_url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-x459-p2rx-f8ff","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-x459-p2rx-f8ff"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HMQOHV7G5TF6OMBN6DNTDOKQQU7KHMM/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCTBSBE3PNIMXG6ALX2CQG4ZEH7W3YAT/"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21986"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21986","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21986"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21986","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21986"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2051490","reference_id":"2051490","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2051490"},{"reference_url":"https://github.com/advisories/GHSA-x459-p2rx-f8ff","reference_id":"GHSA-x459-p2rx-f8ff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x459-p2rx-f8ff"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0495","reference_id":"RHSA-2022:0495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0496","reference_id":"RHSA-2022:0496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0499","reference_id":"RHSA-2022:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0500","reference_id":"RHSA-2022:0500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0500"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84148?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zru-rfet-uqhy"},{"vulnerability":"VCID-4nbt-rxr7-pydu"},{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"},{"vulnerability":"VCID-jqfj-cvm7-9bcg"},{"vulnerability":"VCID-sy4j-sueh-wyen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/84151?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zru-rfet-uqhy"},{"vulnerability":"VCID-4nbt-rxr7-pydu"},{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-bm85-a4e3-e3gu"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"},{"vulnerability":"VCID-jqfj-cvm7-9bcg"},{"vulnerability":"VCID-sy4j-sueh-wyen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.2"}],"aliases":["CVE-2022-21986","GHSA-x459-p2rx-f8ff"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ja9e-8y45-bfau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42402?format=json","vulnerability_id":"VCID-jqfj-cvm7-9bcg","summary":"dotnet: parsing HTML causes Denial of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29145.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29145","reference_id":"","reference_type":"","scores":[{"value":"0.04164","scoring_system":"epss","scoring_elements":"0.88861","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29145"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-fcg8-mg9g-6hc4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-fcg8-mg9g-6hc4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29145","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-27T13:50:08Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29145"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29145","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29145"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083649","reference_id":"2083649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083649"},{"reference_url":"https://github.com/advisories/GHSA-fcg8-mg9g-6hc4","reference_id":"GHSA-fcg8-mg9g-6hc4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcg8-mg9g-6hc4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2194","reference_id":"RHSA-2022:2194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2195","reference_id":"RHSA-2022:2195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2196","reference_id":"RHSA-2022:2196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2199","reference_id":"RHSA-2022:2199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2200","reference_id":"RHSA-2022:2200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2202","reference_id":"RHSA-2022:2202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4588","reference_id":"RHSA-2022:4588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4588"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84434?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/84437?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-bm85-a4e3-e3gu"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.5"}],"aliases":["CVE-2022-29145","GHSA-fcg8-mg9g-6hc4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqfj-cvm7-9bcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42405?format=json","vulnerability_id":"VCID-sy4j-sueh-wyen","summary":"dotnet: excess memory allocation via HttpClient causes DoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23267.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23267.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23267","reference_id":"","reference_type":"","scores":[{"value":"0.06422","scoring_system":"epss","scoring_elements":"0.9119","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23267"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/dotnet/announcements/issues/221","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/announcements/issues/221"},{"reference_url":"https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/security/advisories/GHSA-485p-mrj5-8w2v"},{"reference_url":"https://github.com/PowerShell/Announcements/issues/32","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/PowerShell/Announcements/issues/32"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXQL7EZORGU4PZCPJ5EPQ4P7IEY3ZZO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBYSBUDJYQ76HK4TULXVIIPCKK2U6WDB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5FPEQ6BTYRGTS6IYCDTZW6YF5HLQ3BY"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:36:15Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23267","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23267"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083650","reference_id":"2083650","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083650"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267","reference_id":"CVE-2022-23267","reference_type":"","scores":[],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267"},{"reference_url":"https://github.com/advisories/GHSA-485p-mrj5-8w2v","reference_id":"GHSA-485p-mrj5-8w2v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-485p-mrj5-8w2v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2194","reference_id":"RHSA-2022:2194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2195","reference_id":"RHSA-2022:2195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2196","reference_id":"RHSA-2022:2196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2199","reference_id":"RHSA-2022:2199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2200","reference_id":"RHSA-2022:2200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2202","reference_id":"RHSA-2022:2202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4588","reference_id":"RHSA-2022:4588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4588"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84434?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/84437?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-bm85-a4e3-e3gu"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@6.0.5"}],"aliases":["CVE-2022-23267","GHSA-485p-mrj5-8w2v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sy4j-sueh-wyen"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46151?format=json","vulnerability_id":"VCID-71cv-sc9x-rqg7","summary":"dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1723.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1723.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-1723","reference_id":"","reference_type":"","scores":[{"value":"0.0405","scoring_system":"epss","scoring_elements":"0.88705","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-1723"},{"reference_url":"https://github.com/dotnet/announcements/issues/170","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/announcements/issues/170"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-1723","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-1723"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914258","reference_id":"1914258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1914258"},{"reference_url":"https://security.archlinux.org/ASA-202103-16","reference_id":"ASA-202103-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-16"},{"reference_url":"https://security.archlinux.org/ASA-202103-17","reference_id":"ASA-202103-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-17"},{"reference_url":"https://security.archlinux.org/AVG-1449","reference_id":"AVG-1449","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1449"},{"reference_url":"https://github.com/advisories/GHSA-242j-2gm6-5rwx","reference_id":"GHSA-242j-2gm6-5rwx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-242j-2gm6-5rwx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0094","reference_id":"RHSA-2021:0094","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0094"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0095","reference_id":"RHSA-2021:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0096","reference_id":"RHSA-2021:0096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0114","reference_id":"RHSA-2021:0114","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0114"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/182347?format=json","purl":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zru-rfet-uqhy"},{"vulnerability":"VCID-4nbt-rxr7-pydu"},{"vulnerability":"VCID-7mbn-zdp2-23b9"},{"vulnerability":"VCID-cs2k-6wme-wygn"},{"vulnerability":"VCID-en2z-p5te-ybch"},{"vulnerability":"VCID-ja9e-8y45-bfau"},{"vulnerability":"VCID-jqfj-cvm7-9bcg"},{"vulnerability":"VCID-sy4j-sueh-wyen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.2"}],"aliases":["CVE-2021-1723","GHSA-242j-2gm6-5rwx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71cv-sc9x-rqg7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm@5.0.2"}