microsoft.aspnetcore.server.kestrel.core.2.1.7.nupkg: 1 vulnerabilities (highest severity is: 7.5)
mend-bolt-for-github opened this issue · 0 comments
Vulnerable Library - microsoft.aspnetcore.server.kestrel.core.2.1.7.nupkg
Core components of ASP.NET Core Kestrel cross-platform web server.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.kestrel.core.2.1.7.nupkg
Path to dependency file: /src/CoreWCF.NetTcp/src/CoreWCF.NetTcp.csproj
Path to vulnerable library: /src/CoreWCF.NetTcp/src/CoreWCF.NetTcp.csproj
Vulnerabilities
CVE | Severity | CVSS | Dependency | Type | Fixed in (microsoft.aspnetcore.server.kestrel.core.2.1.7.nupkg version) | Remediation Available |
---|---|---|---|---|---|---|
CVE-2021-1723 | High | 7.5 | microsoft.aspnetcore.server.kestrel.core.2.1.7.nupkg | Direct | Microsoft.AspNetCore.App.Runtime.win-arm64 - 5.0.2;LiveReloadServer - 1.1.0;Plugga.Core - 1.0.2;Maple.Branch.Module - 1.0.4;Microsoft.AspNetCore.Components.WebAssembly.Server - 5.0.1,5.0.0-rc.1.20451.17;AspNetCoreRuntime.5.0.x64 - 5.0.2;AspNetCoreRuntime.5.0.x86 - 5.0.2;Microsoft.AspNetCore.App.Runtime.osx-x64 - 5.0.2,3.1.10;GrazeDocs - 2.0.1;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 5.0.2;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 5.0.2,3.1.10;YHWins.Template - 1.1.0;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Ref - 3.1.10,6.0.0-rc.1.21452.15;Microsoft.AspNetCore.Blazor.DevServer - 3.2.0-preview1.20073.1,3.1.0-preview4.19579.2;Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.10,5.0.2;stankins.console - 2020.12.20-beta298;Toolbelt.Blazor.DevServer.WithCssLiveReloader - 5.0.1,5.0.0-rc.1.20451.17;DragonFire.Server - 0.0.1-alpha.0;PoExtractor.OrchardCore - 0.5.0-rc2-16220;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.10,5.0.2;HuLu.Template.Api - 1.0.2;AspNetCoreRuntime.3.1.x64 - 3.1.10;AspNetCoreRuntime.3.1.x86 - 3.1.10;Microsoft.AspNetCore.Components.WebAssembly.DevServer - 5.0.0-rc.1.20451.17,5.0.1;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.10;lingman-webapi - 0.0.18 | ❌ |
Details
CVE-2021-1723
Vulnerable Library - microsoft.aspnetcore.server.kestrel.core.2.1.7.nupkg
Core components of ASP.NET Core Kestrel cross-platform web server.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.kestrel.core.2.1.7.nupkg
Path to dependency file: /src/CoreWCF.NetTcp/src/CoreWCF.NetTcp.csproj
Path to vulnerable library: /src/CoreWCF.NetTcp/src/CoreWCF.NetTcp.csproj
Dependency Hierarchy:
- ❌ microsoft.aspnetcore.server.kestrel.core.2.1.7.nupkg (Vulnerable Library)
Vulnerability Details
ASP.NET Core and Visual Studio Denial of Service Vulnerability
Publish Date: 2021-01-12
URL: CVE-2021-1723
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-1723
Release Date: 2021-01-12
Fix Resolution: Microsoft.AspNetCore.App.Runtime.win-arm64 - 5.0.2;LiveReloadServer - 1.1.0;Plugga.Core - 1.0.2;Maple.Branch.Module - 1.0.4;Microsoft.AspNetCore.Components.WebAssembly.Server - 5.0.1,5.0.0-rc.1.20451.17;AspNetCoreRuntime.5.0.x64 - 5.0.2;AspNetCoreRuntime.5.0.x86 - 5.0.2;Microsoft.AspNetCore.App.Runtime.osx-x64 - 5.0.2,3.1.10;GrazeDocs - 2.0.1;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 5.0.2;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 5.0.2,3.1.10;YHWins.Template - 1.1.0;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Ref - 3.1.10,6.0.0-rc.1.21452.15;Microsoft.AspNetCore.Blazor.DevServer - 3.2.0-preview1.20073.1,3.1.0-preview4.19579.2;Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.10,5.0.2;stankins.console - 2020.12.20-beta298;Toolbelt.Blazor.DevServer.WithCssLiveReloader - 5.0.1,5.0.0-rc.1.20451.17;DragonFire.Server - 0.0.1-alpha.0;PoExtractor.OrchardCore - 0.5.0-rc2-16220;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.10,5.0.2;HuLu.Template.Api - 1.0.2;AspNetCoreRuntime.3.1.x64 - 3.1.10;AspNetCoreRuntime.3.1.x86 - 3.1.10;Microsoft.AspNetCore.Components.WebAssembly.DevServer - 5.0.0-rc.1.20451.17,5.0.1;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.10;lingman-webapi - 0.0.18
Step up your Open Source Security Game with Mend here