Microsoft Security Advisory CVE-2024-21319: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in the ASP.NET Core project templates. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A Denial of Service vulnerability exists in ASP.NET Core project templates which utilize JWT-based authentication tokens. This vulnerability allows an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making the server no longer able to respond to legitimate requests. Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/290 Mitigation factors This impacts only .NET Core-based projects that were created using any version of project templates listed in affected software. Other project templates e.g., console applications, MAUI applications, Windows Forms or WPF applications, are not affected. Affected software This impacts only .NET Core-based projects that were created using any version of the below project templates. ASP.NET Core Web App (Model-View-Controller) ASP.NET Core Web API ASP.NET Core Web App (Razor Pages) Blazor Server App Blazor WebAssembly App Advisory FAQ How do I know if I am affected? If you are you using project templates listed in affected software, you may be…Read More