{"url":"http://public2.vulnerablecode.io/api/packages/513752?format=json","purl":"pkg:nuget/System.Text.Json@8.0.0","type":"nuget","namespace":"","name":"System.Text.Json","version":"8.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.0.5","latest_non_vulnerable_version":"8.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55969?format=json","vulnerability_id":"VCID-1yay-p22b-zfhm","summary":"Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in System.Text.Json 6.0.x and 8.0.x. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nIn System.Text.Json 6.0.x and 8.0.x, applications which deserialize input to a model with an `[JsonExtensionData]` property can be vulnerable to an algorithmic complexity attack resulting in Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43485.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43485.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43485","reference_id":"","reference_type":"","scores":[{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73258","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73234","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73247","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73265","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73259","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43485"},{"reference_url":"https://github.com/dotnet/announcements/issues/329","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/announcements/issues/329"},{"reference_url":"https://github.com/dotnet/runtime","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime"},{"reference_url":"https://github.com/dotnet/runtime/issues/108678","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/issues/108678"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315731","reference_id":"2315731","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315731"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485","reference_id":"CVE-2024-43485","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T18:54:45Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43485","reference_id":"CVE-2024-43485","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43485"},{"reference_url":"https://github.com/advisories/GHSA-8g4q-xg66-9fp4","reference_id":"GHSA-8g4q-xg66-9fp4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8g4q-xg66-9fp4"},{"reference_url":"https://github.com/dotnet/runtime/security/advisories/GHSA-8g4q-xg66-9fp4","reference_id":"GHSA-8g4q-xg66-9fp4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/security/advisories/GHSA-8g4q-xg66-9fp4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7851","reference_id":"RHSA-2024:7851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7867","reference_id":"RHSA-2024:7867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7868","reference_id":"RHSA-2024:7868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7869","reference_id":"RHSA-2024:7869","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8036","reference_id":"RHSA-2024:8036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8047","reference_id":"RHSA-2024:8047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8048","reference_id":"RHSA-2024:8048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8082","reference_id":"RHSA-2024:8082","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8082"},{"reference_url":"https://usn.ubuntu.com/7058-1/","reference_id":"USN-7058-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7058-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82903?format=json","purl":"pkg:nuget/System.Text.Json@8.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/System.Text.Json@8.0.5"}],"aliases":["CVE-2024-43485","GHSA-8g4q-xg66-9fp4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1yay-p22b-zfhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55492?format=json","vulnerability_id":"VCID-2pgn-ef4q-4bg2","summary":"Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in  .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA vulnerability exists in .NET when calling the JsonSerializer.DeserializeAsyncEnumerable method against an untrusted input using System.Text.Json may result in Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30105.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30105.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30105","reference_id":"","reference_type":"","scores":[{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.83129","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.83117","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.83124","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.83128","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01793","scoring_system":"epss","scoring_elements":"0.83127","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30105"},{"reference_url":"https://github.com/dotnet/runtime","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295320","reference_id":"2295320","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295320"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30105","reference_id":"CVE-2024-30105","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-10T15:05:16Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30105"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30105","reference_id":"CVE-2024-30105","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30105"},{"reference_url":"https://github.com/advisories/GHSA-hh2w-p6rv-4g7w","reference_id":"GHSA-hh2w-p6rv-4g7w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hh2w-p6rv-4g7w"},{"reference_url":"https://github.com/dotnet/runtime/security/advisories/GHSA-hh2w-p6rv-4g7w","reference_id":"GHSA-hh2w-p6rv-4g7w","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dotnet/runtime/security/advisories/GHSA-hh2w-p6rv-4g7w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4450","reference_id":"RHSA-2024:4450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4451","reference_id":"RHSA-2024:4451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4451"},{"reference_url":"https://usn.ubuntu.com/6889-1/","reference_id":"USN-6889-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6889-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82105?format=json","purl":"pkg:nuget/System.Text.Json@8.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1yay-p22b-zfhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/System.Text.Json@8.0.4"}],"aliases":["CVE-2024-30105","GHSA-hh2w-p6rv-4g7w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pgn-ef4q-4bg2"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/System.Text.Json@8.0.0"}