CVE-2019-1301: High severity vulnerability that affects System.Management.Automation

September 13, 2019 (updated April 2, 2025)

A denial of service vulnerability exists when PowerShell Core or .NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a PowerShell Core scripts.

The update addresses the vulnerability by correcting how the .NET Core handles web requests.

System administrators are advised to update PowerShell Core to an unaffected version (see affected software.)

References

github.com/PowerShell/PowerShell
github.com/PowerShell/PowerShell/security/advisories/GHSA-62gw-3rmj-wmp2
github.com/advisories/GHSA-62gw-3rmj-wmp2
nvd.nist.gov/vuln/detail/CVE-2019-1301
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1301

Code Behaviors & Features

Detect and mitigate CVE-2019-1301 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →