CVE-2024-21319
MEDIUM6.8EPSS 0.59%Microsoft Identity Denial of service vulnerability
Published: 1/9/2024Modified: 5/20/2025
Description
Microsoft Identity Denial of service vulnerability
Affected packages (4)
- Bitnami/dotnet>= 6.0.0, < 6.0.26, >= 7.0.0, < 7.0.15, >= 8.0.0, < 8.0.1
- Bitnami/dotnet-sdk>= 6.0.0, < 6.0.26, >= 7.0.0, < 7.0.15, >= 8.0.0, < 8.0.1
- NuGet/Microsoft.IdentityModel.JsonWebTokensfrom 0, < 5.7.0
- NuGet/System.IdentityModel.Tokens.Jwtfrom 0, < 5.7.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H |
References (6)
- PATCHhttps://github.com/dotnet/aspnetcore
- WEBhttps://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/security/advisories/GHSA-8g9c-28fc-mcx2
- WEBhttps://github.com/dotnet/announcements/issues/290
- WEBhttps://github.com/dotnet/aspnetcore/security/advisories/GHSA-59j7-ghrg-fj52
- WEBhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-21319