-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
C#C#| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.AspNetCore.SignalR.Protocols.MessagePack | nuget | >= 1.1.0, < 1.1.5 | 1.1.5 |
| Microsoft.AspNetCore.SignalR.Protocols.MessagePack | nuget | >= 1.0.0, < 1.0.11 | 1.0.11 |
Miggo AIRoot Cause AnalysisThe vulnerability exists in SignalR's MessagePack protocol implementation, which handles web request processing. The advisory specifically mentions improper request handling leading to DoS, and MessagePackHubProtocol is the core component for MessagePack message processing. The ReadMessage method is the primary deserialization entry point where improper input validation would manifest. The patched versions (1.0.11/1.1.5) likely added size limits and validation checks in this deserialization path.
Ongoing coverage of React2Shell