Microsoft is releasing this security advisory to provide information about a vulnerability in the ASP.NET Core project templates. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A Denial of Service vulnerability exists in ASP.NET Core project templates which utilize JWT-based authentication tokens. This vulnerability allows an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making the server no longer able to respond to legitimate requests. https://github.com/dotnet/core/blob/ce802c56fde3abe2ae14ad09a1b8991b6709c18b/release-notes/6.0/6.0.26/6.0.26.md
Created dotnet6.0 tracking bugs for this issue: Affects: fedora-all [bug 2257567] Created dotnet7.0 tracking bugs for this issue: Affects: fedora-all [bug 2257568] Created dotnet8.0 tracking bugs for this issue: Affects: fedora-all [bug 2257569]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0151 https://access.redhat.com/errata/RHSA-2024:0151
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0152 https://access.redhat.com/errata/RHSA-2024:0152
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0150 https://access.redhat.com/errata/RHSA-2024:0150
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0156 https://access.redhat.com/errata/RHSA-2024:0156
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0158 https://access.redhat.com/errata/RHSA-2024:0158
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0157 https://access.redhat.com/errata/RHSA-2024:0157
This issue has been addressed in the following products: .NET Core on Red Hat Enterprise Linux Via RHSA-2024:0255 https://access.redhat.com/errata/RHSA-2024:0255