Description
Microsoft Identity Denial of service vulnerability
A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making the server no longer able to respond to legitimate requests.
Report
This DoS vulnerability in .NET Core project templates utilizing JWT-based authentication tokens is considered a moderate issue due to its restricted impact. While unauthenticated clients can consume the server's memory, potentially causing an out-of-memory condition and service disruption, the vulnerability does not lead to remote code execution or compromise sensitive data. Its exploitability is contingent on specific project configurations, limiting the scope of affected systems.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Additional information
Status:
EPSS
6.8 Medium
CVSS3