GMS-2018-40: Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv

October 16, 2018 (updated December 3, 2021)

Microsoft made an internal discovery of a security vulnerability in version 2.x of ASP.NET Core where a specially crafted request can cause excess resource consumption in Kestrel.

References

github.com/advisories/GHSA-3m2r-q8x3-xmf7
github.com/aspnet/Announcements/issues/300

Code Behaviors & Features

Detect and mitigate GMS-2018-40 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →