Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:alpm/archlinux/aspnet-runtime@5.0.6.sdk203-1
Typealpm
Namespacearchlinux
Nameaspnet-runtime
Version5.0.6.sdk203-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.0.7.sdk204-1
Latest_non_vulnerable_version5.0.7.sdk204-1
Affected_by_vulnerabilities
0
url VCID-mkvc-qau4-tqcd
vulnerability_id VCID-mkvc-qau4-tqcd
summary 
# Withdrawn

This advisory was initially published and mapped incorrectly to nuget `Microsoft.NETCore.App.Ref`. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package.  Thus we have withdrawn this advisory.

The underlying ASP.NET Core Denial of Service Vulnerability and CVE-2021-31957 remain legitimate.

# Description.

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists when ASP.NET Core improperly handles client disconnect. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.


### Patches

* If you're using .NET 5.0, you should download and install Runtime 5.0.7 or SDK 5.0.204 (for Visual Studio 2019 v16.8) or SDK 5.0.301 (for Visual Studio 2019 16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0.

* If you're using .NET Core 3.1, you should download and install Runtime 3.1.16 or SDK 3.1.116 (for Visual Studio 2019 v16.4) or 3.1.410 (for Visual Studio 2019 v16.5 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1.



#### Other Details

- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/188
- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/33369
- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31957.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31957.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31957
reference_id
reference_type
scores
0
value 0.068
scoring_system epss
scoring_elements 0.91323
published_at 2026-04-13T12:55:00Z
1
value 0.068
scoring_system epss
scoring_elements 0.91324
published_at 2026-04-12T12:55:00Z
2
value 0.068
scoring_system epss
scoring_elements 0.91322
published_at 2026-04-11T12:55:00Z
3
value 0.068
scoring_system epss
scoring_elements 0.91315
published_at 2026-04-09T12:55:00Z
4
value 0.068
scoring_system epss
scoring_elements 0.91308
published_at 2026-04-08T12:55:00Z
5
value 0.068
scoring_system epss
scoring_elements 0.91296
published_at 2026-04-07T12:55:00Z
6
value 0.068
scoring_system epss
scoring_elements 0.91289
published_at 2026-04-04T12:55:00Z
7
value 0.068
scoring_system epss
scoring_elements 0.91279
published_at 2026-04-02T12:55:00Z
8
value 0.068
scoring_system epss
scoring_elements 0.91274
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31957
2
reference_url https://github.com/dotnet/aspnetcore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore
3
reference_url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-mcwm-2wmc-6hv4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/dotnet/aspnetcore/security/advisories/GHSA-mcwm-2wmc-6hv4
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31957
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31957
13
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966990
reference_id 1966990
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966990
15
reference_url https://security.archlinux.org/ASA-202106-37
reference_id ASA-202106-37
reference_type
scores
url https://security.archlinux.org/ASA-202106-37
16
reference_url https://security.archlinux.org/AVG-2046
reference_id AVG-2046
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2046
17
reference_url https://github.com/advisories/GHSA-mcwm-2wmc-6hv4
reference_id GHSA-mcwm-2wmc-6hv4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mcwm-2wmc-6hv4
18
reference_url https://access.redhat.com/errata/RHSA-2021:2350
reference_id RHSA-2021:2350
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2350
19
reference_url https://access.redhat.com/errata/RHSA-2021:2351
reference_id RHSA-2021:2351
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2351
20
reference_url https://access.redhat.com/errata/RHSA-2021:2352
reference_id RHSA-2021:2352
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2352
21
reference_url https://access.redhat.com/errata/RHSA-2021:2353
reference_id RHSA-2021:2353
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2353
fixed_packages
0
url pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1
purl pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1
aliases CVE-2021-31957, GHSA-mcwm-2wmc-6hv4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkvc-qau4-tqcd
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.6.sdk203-1