The vulnerability manifests in SignalR's connection handling (CVE-2020-0603), with explicit references to memory corruption. Key functions were identified through: 1) ConnectionDispatcher being the entry point for client connections, 2) WebSocketsTransport being called out in Red Hat's patch notes for Http.Connections updates, and 3) protocol parsing being a common attack surface for serialization vulnerabilities. Confidence levels reflect direct SignalR component involvement and alignment with CWE-787 memory corruption patterns.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.AspNetCore.All | nuget | >= 2.1.0, < 2.1.15 | 2.1.15 |
| Microsoft.AspNetCore.App | nuget | = 3.1.0 | 3.1.1 |
| Microsoft.AspNetCore.App | nuget | = 3.0.0 | 3.0.1 |
| Microsoft.AspNetCore.App | nuget | >= 2.1.0, < 2.1.15 | 2.1.15 |
| Microsoft.AspNetCore.Http.Connections | nuget | >= 1.0.0, < 1.0.15 | 1.0.15 |
| Microsoft.AspNetCore.App.Runtime.linux-arm | nuget | >= 3.1.0, < 3.1.1 | 3.1.1 |
| Microsoft.AspNetCore.App.Runtime.linux-arm64 | nuget | >= 3.1.0, < 3.1.1 | 3.1.1 |
| Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | nuget | >= 3.1.0, < 3.1.1 | 3.1.1 |
| Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | nuget | >= 3.1.0, < 3.1.1 | 3.1.1 |
| Microsoft.AspNetCore.App.Runtime.linux-x64 | nuget | >= 3.1.0, < 3.1.1 | 3.1.1 |
| Microsoft.AspNetCore.App.Runtime.osx-x64 | nuget | >= 3.1.0, < 3.1.1 | 3.1.1 |
| Microsoft.AspNetCore.App.Runtime.win-arm | nuget | >= 3.1.0, < 3.1.1 | 3.1.1 |
| Microsoft.AspNetCore.App.Runtime.win-x64 | nuget | >= 3.1.0, < 3.1.1 | 3.1.1 |
| Microsoft.AspNetCore.App.Runtime.win-x86 | nuget | >= 3.1.0, < 3.1.1 | 3.1.1 |