Releases327
Frequency1 week 4 days
Last Release
Stars22K
.NET news, announcements, release notes, and more!

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
7.5 HIGH

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

< 10.3.06.5 MEDIUM

Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.

7.5 HIGH5 MEDIUM

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>