Denial of Service (DoS)
Affecting system.net.websockets.websocketprotocol package, versions [4.5.0,4.5.3)
System.Net.WebSockets.WebSocketProtocol provides the WebSocketProtocol class, which allows creating a websocket from a connected stream using WebSocketsProtocol.CreateFromConnectedStream.
Affected versions of this package are vulnerable to Denial of Service (DoS). An unauthenticated attacker can cause a denial of service remotely, by issuing specially crafted requests to the .NET Core application. This is caused by an improper handling of a web request in ASP.NET Core. This CVE ID is unique from CVE-2019-0548.
System.Net.WebSockets.WebSocketProtocol to version 4.5.3 or higher.
Do your applications use this vulnerable package?