CVE-2024-21386

Description

.NET Denial of Service Vulnerability

How to fix CVE-2024-21386

To remediate CVE-2024-21386, upgrade the affected package to a fixed version below.

• Bitnami/aspnet-core—upgrade to 6.0.27 or later
• NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm—upgrade to 6.0.27 or later
• NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm64—upgrade to 6.0.27 or later
• —upgrade to 6.0.27 or later
• —upgrade to 6.0.27 or later
• —upgrade to 6.0.27 or later
• —upgrade to 6.0.27 or later
• —upgrade to 6.0.27 or later
• —upgrade to 6.0.27 or later
• —upgrade to 6.0.27 or later
• —upgrade to 6.0.27 or later
• —upgrade to 6.0.27 or later
• —upgrade to 6.0.27 or later

Is CVE-2024-21386 being exploited?

Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.

Affected packages (13)

• >= 6.0.0, < 6.0.27, >= 7.0.0, < 7.0.16, >= 8.0.0, < 8.0.2
• from 0, < 6.0.27
• from 0, < 6.0.27
• from 0, < 6.0.27
• from 0, < 6.0.27
• from 0, < 6.0.27
• from 0, < 6.0.27
• from 0, < 6.0.27
• from 0, < 6.0.27

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-21386
• PATCHgithub.com/dotnet/aspnetcore
• WEBgithub.com/dotnet/aspnetcore/security/advisories/GHSA-g74q-5xw3-j7q9
• WEBmsrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386