ArchLinux: 202106-37: aspnet-runtime: denial of service
Summary
A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.7 and SDK 5.0.204 as well as .NET Core 3.1 before Runtime 3.1.16 and SDK 3.1.116 in ASP.NET.
Resolution
Upgrade to 5.0.7.sdk204-1.
# pacman -Syu "aspnet-runtime>=5.0.7.sdk204-1"
The problem has been fixed upstream in version 5.0.7.sdk204.
References
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957 https://github.com/dotnet/announcements/issues/189 https://security.archlinux.org/CVE-2021-31957
Workaround
None.