Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-8409

Good to know:

icon
icon

Date: September 12, 2018

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.

Language: C#

Severity Score

Related Resources (5)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409
http://www.securityfocus.com/bid/105223
https://nvd.nist.gov/vuln/detail/CVE-2018-8409
https://github.com/advisories/GHSA-j378-6mmw-hqfr
https://www.mend.io/vulnerability-database/CVE-2018-8409

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

Insufficient Information

NVD-CWE-noinfo

Top Fix

icon

Upgrade Version

Upgrade to version ScopeAgent.Runner - 0.1.14;ScopeAgent.Runner - 0.1.11;ScopeAgent.Runner - 0.1.6;ScopeAgent.Runner - 0.1.7;ScopeAgent.Runner - 0.1.19;ScopeAgent.Runner - 0.1.8;ScopeAgent.Runner - 0.3.0-beta.1;ScopeAgent.Runner - 0.1.5;ScopeAgent.Runner - 0.1.16;ScopeAgent.Runner - 0.1.13;ScopeAgent.Runner - 0.1.10;ScopeAgent.Runner - 0.1.9;ScopeAgent.Runner - 0.1.15;VirtoCommerce.GlobalTool - 3.0.0-beta0004;VirtoCommerce.GlobalTool - 3.810.0-alpha.237;Minima.GlobalTool - no_fix;Wyam.Tool - no_fix;System.IO.Pipelines - 4.6.0-preview6.19303.8;System.IO.Pipelines - 4.5.0-preview2-26406-04;FunctionMonkey.Compiler - 4.0.56-beta.4;JonasMH.Swashbuckle.AspNetCore.Cli - no_fix;Swashbuckle.AspNetCore.Cli - 7.0.0;Microsoft.AspNetCore.App - 2.1.4;Swashbuckle.AspNetCore.Cli.Gpn - no_fix;JoeDoe.Swashbuckle.AspNetCore.Cli - no_fix;asvishnyakov.VirtoCommerce.GlobalTool - no_fix;Higrow.AspNetCore.Cli - 6.5.1;Microsoft.AspNetCore.All - 2.1.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us