The methods for sending and receiving data on a WebSocket accept a CancellationToken, but previously did not implement actual support for cancellation. Activating the cancellation token would result in a no-op, and would not cancel any in progress operations. This provided a potential avenue for DOS, by tying up connections to a server with WebSocket connections that the server could not cancel.
This issue has been addressed in the following products:
.NET Core on Red Hat Enterprise Linux
Via RHSA-2019:0040 https://access.redhat.com/errata/RHSA-2019:0040