{"id":28638,"date":"2020-06-09T10:30:19","date_gmt":"2020-06-09T17:30:19","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/dotnet\/?p=28638"},"modified":"2020-06-10T12:20:08","modified_gmt":"2020-06-10T19:20:08","slug":"net-core-june-2020-updates-2-1-19-and-3-1-5","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-june-2020-updates-2-1-19-and-3-1-5\/","title":{"rendered":".NET Core June 2020 Updates \u2013 2.1.19 and 3.1.5"},"content":{"rendered":"

Today, we are releasing the .NET Core June 2020 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages.<\/p>\n

Security<\/h2>\n
\n

CVE-2020-1108: .NET Core Denial of Service Vulnerability<\/a><\/h3>\n
\n
\n

To comprehensively address CVE-2020-1108, Microsoft has released updates for .NET Core 2.1 and .NET Core 3.1. <\/span>Customers who use any of these versions of .NET Core should install the latest version of .NET Core. See the Release Notes<\/a> for the latest version numbers and instructions for updating .NET Core.<\/span><\/p>\n

Microsoft is aware of a denial of service vulnerability which exists when .NET Core<\/span> improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. The vulnerability can be exploited remotely, without authentication.<\/span>\u00a0<\/span><\/p>\n

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application.<\/span>\u00a0<\/span>The update addresses the vulnerability by correcting how the .NET Core web application handles web requests.<\/span>\u00a0<\/span><\/p>\n<\/div>\n

<\/div>\n<\/div>\n<\/div>\n

Getting the Update<\/h2>\n