Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/Microsoft.AspNetCore.All@2.1.2

Type nuget

Namespace

Name Microsoft.AspNetCore.All

Version 2.1.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.1.13

Latest_non_vulnerable_version 2.2.7

Affected_by_vulnerabilities

url VCID-3nh7-wm35-3kb2

vulnerability_id VCID-3nh7-wm35-3kb2

summary Microsoft Security Advisory CVE-2018-8409: ASP.NET Core Denial Of Service Vulnerability

references

reference_url	https://github.com/aspnet/Announcements/issues/316
reference_id
reference_type
scores
url	https://github.com/aspnet/Announcements/issues/316

reference_url	https://github.com/dotnet/announcements/issues/83
reference_id
reference_type
scores
url	https://github.com/dotnet/announcements/issues/83

reference_url	http://www.securityfocus.com/bid/105223
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105223

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-8409
reference_id	CVE-2018-8409
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-8409

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409
reference_id	CVE-2018-8409
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409

reference_url	https://github.com/advisories/GHSA-j378-6mmw-hqfr
reference_id	GHSA-j378-6mmw-hqfr
reference_type
scores
url	https://github.com/advisories/GHSA-j378-6mmw-hqfr

fixed_packages

url pkg:nuget/Microsoft.AspNetCore.All@2.1.4

purl pkg:nuget/Microsoft.AspNetCore.All@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6vu-9ybt-tqbc

vulnerability	VCID-xgtm-9d66-rugc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.4

aliases CVE-2018-8409, GHSA-j378-6mmw-hqfr

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3nh7-wm35-3kb2

url VCID-v6vu-9ybt-tqbc

vulnerability_id VCID-v6vu-9ybt-tqbc

summary Microsoft Security Advisory CVE-2019-0564: ASP.NET Core Denial of Service Vulnerability

references

reference_url	https://access.redhat.com/errata/RHSA-2019:0040
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0040

reference_url	https://github.com/aspnet/Announcements/issues/334
reference_id
reference_type
scores
url	https://github.com/aspnet/Announcements/issues/334

reference_url	https://github.com/github/advisory-database/issues/302
reference_id
reference_type
scores
url	https://github.com/github/advisory-database/issues/302

reference_url	http://www.securityfocus.com/bid/106413
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106413

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-0564
reference_id	CVE-2019-0564
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-0564

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564
reference_id	CVE-2019-0564
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564

reference_url	https://github.com/advisories/GHSA-6px8-22w5-w334
reference_id	GHSA-6px8-22w5-w334
reference_type
scores
url	https://github.com/advisories/GHSA-6px8-22w5-w334

fixed_packages

url pkg:nuget/Microsoft.AspNetCore.All@2.1.7

purl pkg:nuget/Microsoft.AspNetCore.All@2.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xgtm-9d66-rugc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.7

url pkg:nuget/Microsoft.AspNetCore.All@2.2.0

purl pkg:nuget/Microsoft.AspNetCore.All@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c94t-hevg-xych

vulnerability	VCID-v6vu-9ybt-tqbc

vulnerability	VCID-vrkf-8nhe-7uc6

vulnerability	VCID-xgtm-9d66-rugc

vulnerability	VCID-xnp7-eqhh-tkhd

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.2.0

url pkg:nuget/Microsoft.AspNetCore.All@2.2.1

purl pkg:nuget/Microsoft.AspNetCore.All@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xgtm-9d66-rugc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.2.1

aliases CVE-2019-0564, GHSA-6px8-22w5-w334

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v6vu-9ybt-tqbc

url VCID-w8qv-heb5-87fd

vulnerability_id VCID-w8qv-heb5-87fd

summary multiple issues

references

reference_url	https://github.com/dotnet/announcements/issues/195
reference_id
reference_type
scores
url	https://github.com/dotnet/announcements/issues/195

reference_url

https://security.archlinux.org/AVG-2277

reference_id

AVG-2277

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2277

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-34532
reference_id	CVE-2021-34532
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-34532

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532
reference_id	CVE-2021-34532
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532

reference_url	https://github.com/advisories/GHSA-q7cg-43mg-qp69
reference_id	GHSA-q7cg-43mg-qp69
reference_type
scores
url	https://github.com/advisories/GHSA-q7cg-43mg-qp69

reference_url	https://github.com/dotnet/aspnetcore/security/advisories/GHSA-q7cg-43mg-qp69
reference_id	GHSA-q7cg-43mg-qp69
reference_type
scores
url	https://github.com/dotnet/aspnetcore/security/advisories/GHSA-q7cg-43mg-qp69

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.All@2.1.30
purl	pkg:nuget/Microsoft.AspNetCore.All@2.1.30
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.30

url	pkg:nuget/Microsoft.AspNetCore.All@3.1.18
purl	pkg:nuget/Microsoft.AspNetCore.All@3.1.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@3.1.18

url	pkg:nuget/Microsoft.AspNetCore.All@5.0.9
purl	pkg:nuget/Microsoft.AspNetCore.All@5.0.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@5.0.9

aliases CVE-2021-34532, GHSA-q7cg-43mg-qp69

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8qv-heb5-87fd

url VCID-xgtm-9d66-rugc

vulnerability_id VCID-xgtm-9d66-rugc

summary Microsoft Security Advisory CVE-2018-8269: Denial of Service Vulnerability in OData

references

reference_url	https://github.com/aspnet/Announcements/issues/385
reference_id
reference_type
scores
url	https://github.com/aspnet/Announcements/issues/385

reference_url	https://github.com/dotnet/aspnetcore/issues/13860
reference_id
reference_type
scores
url	https://github.com/dotnet/aspnetcore/issues/13860

reference_url	https://github.com/github/advisory-database/issues/302
reference_id
reference_type
scores
url	https://github.com/github/advisory-database/issues/302

reference_url	https://www.exploit-db.com/exploits/46101/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/46101/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/46101.rb
reference_id	CVE-2018-8269
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/46101.rb

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-8269
reference_id	CVE-2018-8269
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-8269

reference_url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8269
reference_id	CVE-2018-8269
reference_type
scores
url	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8269

reference_url	https://github.com/advisories/GHSA-mv2r-q4g5-j8q5
reference_id	GHSA-mv2r-q4g5-j8q5
reference_type
scores
url	https://github.com/advisories/GHSA-mv2r-q4g5-j8q5

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.All@2.1.13
purl	pkg:nuget/Microsoft.AspNetCore.All@2.1.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.13

url	pkg:nuget/Microsoft.AspNetCore.All@2.2.7
purl	pkg:nuget/Microsoft.AspNetCore.All@2.2.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.2.7

aliases CVE-2018-8269, GHSA-mv2r-q4g5-j8q5

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xgtm-9d66-rugc

Fixing_vulnerabilities

url VCID-d4mn-hm9u-3qbk

vulnerability_id VCID-d4mn-hm9u-3qbk

summary

Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core
Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack.

The update addresses the vulnerability by correcting how ASP.NET Core handles such requests.

references

reference_url	https://github.com/aspnet/Announcements/issues/311
reference_id
reference_type
scores
url	https://github.com/aspnet/Announcements/issues/311

reference_url	https://github.com/advisories/GHSA-cgpw-2gph-2r9g
reference_id	GHSA-cgpw-2gph-2r9g
reference_type
scores
url	https://github.com/advisories/GHSA-cgpw-2gph-2r9g

fixed_packages

url	pkg:nuget/Microsoft.AspNetCore.All@2.0.9
purl	pkg:nuget/Microsoft.AspNetCore.All@2.0.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.0.9

url pkg:nuget/Microsoft.AspNetCore.All@2.1.2

purl pkg:nuget/Microsoft.AspNetCore.All@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh7-wm35-3kb2

vulnerability	VCID-v6vu-9ybt-tqbc

vulnerability	VCID-w8qv-heb5-87fd

vulnerability	VCID-xgtm-9d66-rugc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.2

aliases GHSA-cgpw-2gph-2r9g, GMS-2018-36, GMS-2018-38, GMS-2018-44

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4mn-hm9u-3qbk

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.2

Package Instance