Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.

Affected Packages

NuGet Microsoft.NETCore.App

Affected versions: 1.0.0 (fixed in 1.0.7)

NuGet Microsoft.NETCore.App

Affected versions: 1.1.0 (fixed in 1.1.4)

Related CVEs

CVE-2017-8585

Key Information

GHSA ID

GHSA-8884-xcr4-r68p

Published

May 17, 2022 12:19 AM

Last Modified

November 1, 2022 9:39 PM

CVSS Score

7.5 /10

Primary Ecosystem

NuGet

Primary Package

Microsoft.NETCore.App

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.