{"package":"Microsoft.AspNetCore.App","ecosystem":"nuget","latest_version":"3.0.0-preview3-19153-02","description":"Provides a default set of APIs for building an ASP.NET Core application.\n\nThis package requires the ASP.NET Core runtime. This runtime is installed by the .NET Core SDK, or can be acquired separately using installers available at https://aka.ms/dotnet-download.","license":"","homepage":"https://asp.net/","repository":"https://asp.net/","downloads_weekly":0,"health":{"score":32,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":15,"maturity":15,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":8,"critical":0,"high":0,"medium":5,"low":3,"details":[{"vuln_id":"BIT-aspnet-core-2020-0602","severity":"unknown","summary":"Denial of service in ASP.NET Core","affected_versions":">=3.1.0","fixed_version":"3.1.1","source":"osv","published_at":"2022-05-24T17:06:16Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-aspnet-core-2020-0603","severity":"unknown","summary":"Remote code execution in ASP.NET Core","affected_versions":">=3.1.0","fixed_version":"3.1.1","source":"osv","published_at":"2022-05-24T17:06:16Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2019-0564","severity":"medium","summary":"Denial of service in ASP.NET Core","affected_versions":">=2.1.0","fixed_version":"2.1.7","source":"osv","published_at":"2022-05-14T01:41:32Z","in_kev":false,"epss_prob":0.07668,"epss_percentile":0.91916,"threat_tier":"theoretical"},{"vuln_id":"GHSA-cgpw-2gph-2r9g","severity":"unknown","summary":"Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core","affected_versions":">=2.1.0","fixed_version":"2.1.2","source":"osv","published_at":"2018-10-16T19:59:59Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-aspnet-core-2020-1597","severity":"medium","summary":"ASP.NET Core Denial of Service Vulnerability","affected_versions":">=3.1.0","fixed_version":"3.1.7","source":"osv","published_at":"2022-05-24T17:26:01Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"BIT-aspnet-core-2020-1045","severity":"medium","summary":"Cookie parsing failure","affected_versions":">=3.1.5","fixed_version":"3.1.8","source":"osv","published_at":"2022-05-24T17:27:57Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2018-8409","severity":"medium","summary":"Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests","affected_versions":">=4.5.0","fixed_version":"4.5.1","source":"osv","published_at":"2018-10-16T19:56:38Z","in_kev":false,"epss_prob":0.1435,"epss_percentile":0.94431,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-1075","severity":"medium","summary":"Open redirect in ASP.NET Core","affected_versions":">=2.1.0","fixed_version":"2.1.12","source":"osv","published_at":"2022-05-24T16:50:19Z","in_kev":false,"epss_prob":0.00417,"epss_percentile":0.6177,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"3.0.0-preview3-19153-02","total_count":51,"recent":["2.1.28","2.1.29","2.1.30","2.1.31","2.1.34","2.2.0-preview1-35029","2.2.0-preview2-35157","2.2.0-preview3-35497","2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","3.0.0-preview-18579-0056","3.0.0-preview-19075-0444","3.0.0-preview3-19153-02"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":null,"last_published":"1900-01-01T00:00:00+00:00","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"recommendation":{"action":"use_with_caution","issues":["Low health score (32/100)"],"use_version":"3.0.0-preview3-19153-02","version_hint":"Update to >= 2.1.12 to fix known vulnerabilities","summary":"Microsoft.AspNetCore.App@3.0.0-preview3-19153-02 low health (32/100) — consider alternatives"},"requested_version":null,"_cache":"miss","_response_ms":482,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}