Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dq9y-u457-6uhc

Summary

Uncontrolled Resource Consumption
.NET and Visual Studio Denial of Service Vulnerability

Aliases

alias	CVE-2023-38180

alias	GHSA-vmch-3w2x-vhgq

Fixed_packages

url pkg:nuget/Microsoft.AspNetCore.All@2.1.1

purl pkg:nuget/Microsoft.AspNetCore.All@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh7-wm35-3kb2

vulnerability	VCID-v6vu-9ybt-tqbc

vulnerability	VCID-xgtm-9d66-rugc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.1

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm64@6.0.21
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm64@6.0.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm64@6.0.21

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm64@7.0.10
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm64@7.0.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-arm64@7.0.10

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x64@6.0.21
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x64@6.0.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x64@6.0.21

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x64@7.0.10
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x64@7.0.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x64@7.0.10

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.21
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@6.0.21

url	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@7.0.10
purl	pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@7.0.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@7.0.10

url	pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv@2.1.40
purl	pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv@2.1.40
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv@2.1.40

url	pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv@6.0.21
purl	pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv@6.0.21
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv@6.0.21

url	pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets@2.1.40
purl	pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets@2.1.40
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets@2.1.40

Affected_packages

url pkg:nuget/Microsoft.AspNetCore.All@2.1.0

purl pkg:nuget/Microsoft.AspNetCore.All@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3nh7-wm35-3kb2

vulnerability	VCID-c94t-hevg-xych

vulnerability	VCID-d4mn-hm9u-3qbk

vulnerability	VCID-dq9y-u457-6uhc

vulnerability	VCID-dw22-bazh-4qa9

vulnerability	VCID-kv27-b4ve-d3ax

vulnerability	VCID-v6vu-9ybt-tqbc

vulnerability	VCID-vrkf-8nhe-7uc6

vulnerability	VCID-w8qv-heb5-87fd

vulnerability	VCID-xgtm-9d66-rugc

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.All@2.1.0

References

reference_url	https://github.com/dotnet/runtime
reference_id
reference_type
scores
url	https://github.com/dotnet/runtime

reference_url	https://github.com/dotnet/runtime/issues/90170
reference_id
reference_type
scores
url	https://github.com/dotnet/runtime/issues/90170

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY

reference_url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38180
reference_id
reference_type
scores
url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38180

reference_url	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180
reference_id	CVE-2023-38180
reference_type
scores
url	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38180
reference_id	CVE-2023-38180
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38180

reference_url	https://github.com/advisories/GHSA-vmch-3w2x-vhgq
reference_id	GHSA-vmch-3w2x-vhgq
reference_type
scores
url	https://github.com/advisories/GHSA-vmch-3w2x-vhgq

reference_url	https://github.com/dotnet/runtime/security/advisories/GHSA-vmch-3w2x-vhgq
reference_id	GHSA-vmch-3w2x-vhgq
reference_type
scores
url	https://github.com/dotnet/runtime/security/advisories/GHSA-vmch-3w2x-vhgq

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dq9y-u457-6uhc

Vulnerability Instance