{"url":"http://public2.vulnerablecode.io/api/packages/409095?format=json","purl":"pkg:apk/alpine/dotnet8-runtime@8.0.10-r0?arch=x86_64&distroversion=v3.21&reponame=community","type":"apk","namespace":"alpine","name":"dotnet8-runtime","version":"8.0.10-r0","qualifiers":{"arch":"x86_64","distroversion":"v3.21","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"8.0.12-r0","latest_non_vulnerable_version":"8.0.27-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55969?format=json","vulnerability_id":"VCID-1yay-p22b-zfhm","summary":"Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in System.Text.Json 6.0.x and 8.0.x. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nIn System.Text.Json 6.0.x and 8.0.x, applications which deserialize input to a model with an `[JsonExtensionData]` property can be vulnerable to an algorithmic complexity attack resulting in Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43485.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43485.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43485","reference_id":"","reference_type":"","scores":[{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73234","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73247","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73265","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73259","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43485"},{"reference_url":"https://github.com/dotnet/announcements/issues/329","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/announcements/issues/329"},{"reference_url":"https://github.com/dotnet/runtime","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime"},{"reference_url":"https://github.com/dotnet/runtime/issues/108678","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/issues/108678"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315731","reference_id":"2315731","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315731"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485","reference_id":"CVE-2024-43485","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T18:54:45Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43485","reference_id":"CVE-2024-43485","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43485"},{"reference_url":"https://github.com/advisories/GHSA-8g4q-xg66-9fp4","reference_id":"GHSA-8g4q-xg66-9fp4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8g4q-xg66-9fp4"},{"reference_url":"https://github.com/dotnet/runtime/security/advisories/GHSA-8g4q-xg66-9fp4","reference_id":"GHSA-8g4q-xg66-9fp4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/security/advisories/GHSA-8g4q-xg66-9fp4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7851","reference_id":"RHSA-2024:7851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7867","reference_id":"RHSA-2024:7867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7868","reference_id":"RHSA-2024:7868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7869","reference_id":"RHSA-2024:7869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8036","reference_id":"RHSA-2024:8036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8047","reference_id":"RHSA-2024:8047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8048","reference_id":"RHSA-2024:8048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8082","reference_id":"RHSA-2024:8082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8082"},{"reference_url":"https://usn.ubuntu.com/7058-1/","reference_id":"USN-7058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409095?format=json","purl":"pkg:apk/alpine/dotnet8-runtime@8.0.10-r0?arch=x86_64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dotnet8-runtime@8.0.10-r0%3Farch=x86_64&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-43485","GHSA-8g4q-xg66-9fp4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1yay-p22b-zfhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55960?format=json","vulnerability_id":"VCID-41ej-wew7-1feb","summary":"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in  .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA vulnerability exists in ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free.\n\nNote: HTTP/3 is experimental in .NET 6.0. If you are on .NET 6.0 and using HTTP/3, please upgrade to .NET 8.0.10. .NET 6.0 will not receive a security patch for this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38229.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38229.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38229","reference_id":"","reference_type":"","scores":[{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76957","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76968","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.7698","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00968","scoring_system":"epss","scoring_elements":"0.76971","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38229"},{"reference_url":"https://github.com/dotnet/announcements/issues/326","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/announcements/issues/326"},{"reference_url":"https://github.com/dotnet/aspnetcore","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore"},{"reference_url":"https://github.com/dotnet/aspnetcore/issues/58297","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/issues/58297"},{"reference_url":"https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-8.0#configure-http-protocols-in-appsettingsjson","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-8.0#configure-http-protocols-in-appsettingsjson"},{"reference_url":"https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/http3?view=aspnetcore-8.0#getting-started","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/http3?view=aspnetcore-8.0#getting-started"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2316161","reference_id":"2316161","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2316161"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229","reference_id":"CVE-2024-38229","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-08T18:55:00Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38229"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38229","reference_id":"CVE-2024-38229","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38229"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2024-38229","reference_id":"CVE-2024-38229","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2024-38229"},{"reference_url":"https://github.com/advisories/GHSA-7vw9-cfwx-9gx9","reference_id":"GHSA-7vw9-cfwx-9gx9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vw9-cfwx-9gx9"},{"reference_url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-7vw9-cfwx-9gx9","reference_id":"GHSA-7vw9-cfwx-9gx9","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/aspnetcore/security/advisories/GHSA-7vw9-cfwx-9gx9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7868","reference_id":"RHSA-2024:7868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7869","reference_id":"RHSA-2024:7869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7869"},{"reference_url":"https://usn.ubuntu.com/7058-1/","reference_id":"USN-7058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409095?format=json","purl":"pkg:apk/alpine/dotnet8-runtime@8.0.10-r0?arch=x86_64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dotnet8-runtime@8.0.10-r0%3Farch=x86_64&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-38229","GHSA-7vw9-cfwx-9gx9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41ej-wew7-1feb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55967?format=json","vulnerability_id":"VCID-8nwp-nv7v-3qar","summary":"Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in System.IO.Packaging. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nThe System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, leading to denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43484.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43484.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43484","reference_id":"","reference_type":"","scores":[{"value":"0.0121","scoring_system":"epss","scoring_elements":"0.79348","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0121","scoring_system":"epss","scoring_elements":"0.79329","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0121","scoring_system":"epss","scoring_elements":"0.79339","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0121","scoring_system":"epss","scoring_elements":"0.79347","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0121","scoring_system":"epss","scoring_elements":"0.79342","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43484"},{"reference_url":"https://github.com/dotnet/announcements/issues/328","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/announcements/issues/328"},{"reference_url":"https://github.com/dotnet/runtime","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime"},{"reference_url":"https://github.com/dotnet/runtime/issues/108676","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/issues/108676"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250328-0007","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250328-0007"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315729","reference_id":"2315729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315729"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484","reference_id":"CVE-2024-43484","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T18:54:47Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43484","reference_id":"CVE-2024-43484","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43484"},{"reference_url":"https://github.com/advisories/GHSA-f32c-w444-8ppv","reference_id":"GHSA-f32c-w444-8ppv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f32c-w444-8ppv"},{"reference_url":"https://github.com/dotnet/runtime/security/advisories/GHSA-f32c-w444-8ppv","reference_id":"GHSA-f32c-w444-8ppv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/security/advisories/GHSA-f32c-w444-8ppv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7851","reference_id":"RHSA-2024:7851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7867","reference_id":"RHSA-2024:7867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7868","reference_id":"RHSA-2024:7868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7869","reference_id":"RHSA-2024:7869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8036","reference_id":"RHSA-2024:8036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8047","reference_id":"RHSA-2024:8047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8048","reference_id":"RHSA-2024:8048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8082","reference_id":"RHSA-2024:8082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8082"},{"reference_url":"https://usn.ubuntu.com/7058-1/","reference_id":"USN-7058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409095?format=json","purl":"pkg:apk/alpine/dotnet8-runtime@8.0.10-r0?arch=x86_64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dotnet8-runtime@8.0.10-r0%3Farch=x86_64&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-43484","GHSA-f32c-w444-8ppv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nwp-nv7v-3qar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55961?format=json","vulnerability_id":"VCID-mc82-t75p-hqga","summary":"Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in  System.Security.Cryptography.Cose, System.IO.Packaging, Microsoft.Extensions.Caching.Memory. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nSystem.Security.Cryptography.Cose, System.IO.Packaging, Microsoft.Extensions.Caching.Memory may be exposed to a hostile input which may lead them to be susceptible to hash flooding attacks resulting in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43483.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43483.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43483","reference_id":"","reference_type":"","scores":[{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73234","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73247","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73265","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73259","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43483"},{"reference_url":"https://github.com/dotnet/runtime","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315730","reference_id":"2315730","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315730"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483","reference_id":"CVE-2024-43483","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T18:54:49Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43483","reference_id":"CVE-2024-43483","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43483"},{"reference_url":"https://github.com/advisories/GHSA-qj66-m88j-hmgj","reference_id":"GHSA-qj66-m88j-hmgj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qj66-m88j-hmgj"},{"reference_url":"https://github.com/dotnet/runtime/security/advisories/GHSA-qj66-m88j-hmgj","reference_id":"GHSA-qj66-m88j-hmgj","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/security/advisories/GHSA-qj66-m88j-hmgj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7851","reference_id":"RHSA-2024:7851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7867","reference_id":"RHSA-2024:7867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7868","reference_id":"RHSA-2024:7868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7869","reference_id":"RHSA-2024:7869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8036","reference_id":"RHSA-2024:8036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8047","reference_id":"RHSA-2024:8047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8048","reference_id":"RHSA-2024:8048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8082","reference_id":"RHSA-2024:8082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8082"},{"reference_url":"https://usn.ubuntu.com/7058-1/","reference_id":"USN-7058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409095?format=json","purl":"pkg:apk/alpine/dotnet8-runtime@8.0.10-r0?arch=x86_64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dotnet8-runtime@8.0.10-r0%3Farch=x86_64&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-43483","GHSA-qj66-m88j-hmgj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mc82-t75p-hqga"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dotnet8-runtime@8.0.10-r0%3Farch=x86_64&distroversion=v3.21&reponame=community"}