| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.NETCore.App | nuget | >= 2.1.0, < 2.1.18 | 2.1.18 |
| Microsoft.NETCore.App.Runtime.linux-arm | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |
| Microsoft.NETCore.App.Runtime.linux-arm64 | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |
| Microsoft.NETCore.App.Runtime.linux-musl-arm64 | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |
| Microsoft.NETCore.App.Runtime.linux-musl-x64 | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |
| Microsoft.NETCore.App.Runtime.linux-x64 | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |
| Microsoft.NETCore.App.Runtime.osx-x64 | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |
| Microsoft.NETCore.App.Runtime.rhel.6-x64 | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |
| Microsoft.NETCore.App.Runtime.win-arm | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |
| Microsoft.NETCore.App.Runtime.win-arm64 | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |
| Microsoft.NETCore.App.Runtime.win-x64 | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |
| Microsoft.NETCore.App.Runtime.win-x86 | nuget | >= 3.1.0, < 3.1.4 | 3.1.4 |

The vulnerability involves improper handling of web requests in ASP.NET Core's Kestrel server. While no direct patch diffs are available, Microsoft's advisory explicitly mentions HTTP request processing fixes. The ParseHeaders() and ParseRequestLine() functions are critical points in HTTP message parsing where improper input handling could lead to DoS. These components were previously involved in similar CVEs (CVE-2020-1045) and are logical candidates for request processing vulnerabilities. The medium confidence rating reflects the lack of direct commit evidence, but the assessment aligns with Microsoft's description of the fix scope and with Kestrel's architecture.