CVE-2021-1723: ASP.NET Core and Visual Studio Denial of Service Vulnerability
(updated )
A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.
References
- github.com/advisories/GHSA-242j-2gm6-5rwx
- github.com/dotnet/announcements/issues/170
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L27CGRVEWUPELNJOGTCW6GLEDBECB4B
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRXHERXW4KR5WCP76UDW5PC7GX3YQLUW
- msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1723
- nvd.nist.gov/vuln/detail/CVE-2021-1723
Detect and mitigate CVE-2021-1723 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →