Search for vulnerabilities
Vulnerability details: VCID-231z-8sfm-aaaj
Vulnerability ID VCID-231z-8sfm-aaaj
Aliases CVE-2024-21386
GHSA-g74q-5xw3-j7q9
Summary Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00063 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00065 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.00937 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01624 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.01669 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.10262 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
epss 0.25705 https://api.first.org/data/v1/epss?cve=CVE-2024-21386
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-g74q-5xw3-j7q9
cvssv3.1 8.1 https://github.com/dotnet/aspnetcore
generic_textual HIGH https://github.com/dotnet/aspnetcore
cvssv3.1_qr CRITICAL https://github.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9
cvssv3.1 7.5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386
ssvc Track https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-21386
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-21386
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json
https://api.first.org/data/v1/epss?cve=CVE-2024-21386
https://github.com/dotnet/aspnetcore
2263085 https://bugzilla.redhat.com/show_bug.cgi?id=2263085
cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:asp.net_core:8.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*
CVE-2024-21386 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386
CVE-2024-21386 https://nvd.nist.gov/vuln/detail/CVE-2024-21386
GHSA-g74q-5xw3-j7q9 https://github.com/advisories/GHSA-g74q-5xw3-j7q9
GHSA-g74q-5xw3-j7q9 https://github.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9
RHSA-2024:0805 https://access.redhat.com/errata/RHSA-2024:0805
RHSA-2024:0806 https://access.redhat.com/errata/RHSA-2024:0806
RHSA-2024:0807 https://access.redhat.com/errata/RHSA-2024:0807
RHSA-2024:0808 https://access.redhat.com/errata/RHSA-2024:0808
RHSA-2024:0814 https://access.redhat.com/errata/RHSA-2024:0814
RHSA-2024:0827 https://access.redhat.com/errata/RHSA-2024:0827
RHSA-2024:0848 https://access.redhat.com/errata/RHSA-2024:0848
RHSA-2024:2843 https://access.redhat.com/errata/RHSA-2024:2843
RHSA-2024:3340 https://access.redhat.com/errata/RHSA-2024:3340
USN-6634-1 https://usn.ubuntu.com/6634-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21386.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Found at https://github.com/dotnet/aspnetcore
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T20:15:43Z/ Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21386
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21386
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.23481
EPSS Score 0.00053
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-02-13T20:27:43.687319+00:00 GHSA Importer Import https://github.com/advisories/GHSA-g74q-5xw3-j7q9 34.0.0rc2