CVE-2021-26423 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame.
Group Package Affected Fixed Severity Status Ticket
AVG-2278 dotnet-runtime-3.1, dotnet-sdk-3.1 3.1.17.sdk117-1 Medium Vulnerable
AVG-2277 dotnet-runtime, dotnet-sdk 5.0.8.sdk205-1 Medium Vulnerable
References
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26423
https://github.com/dotnet/announcements/issues/194