Microsoft Security Advisory CVE-2023-33141 | YARP Denial of Service Vulnerability

Moderate
Tratcher published GHSA-jrjw-qgr2-wfcg Jun 22, 2023

Package

Yarp.ReverseProxy (NuGet)

Affected versions

<= 1.1.1, 2.0.0

Patched versions

1.1.2, 2.0.1

Description

Impact

A denial of service vulnerability exists in YARP.

Patches

If you're using YARP 1.x, you should update to NuGet package version 1.1.2.
If you're using YARP 2.0.0, you should update to NuGet package version 2.0.1.

You can do so by updating the PackageReference in your .csproj file:

<ItemGroup>
- <PackageReference Include="Yarp.ReverseProxy" Version="2.0.0" />
- <PackageReference Include="Yarp.Telemetry.Consumption" Version="2.0.0" />
+ <PackageReference Include="Yarp.ReverseProxy" Version="2.0.1" />
+ <PackageReference Include="Yarp.Telemetry.Consumption" Version="2.0.1" />
</ItemGroup>
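
Review bot: the `+` lines hard-code `Version="2.0.1"`, which is only correct for projects currently on 2.0.0. A project on YARP 1.x that copies this snippet would jump a major version, whereas the text above says 1.x should move to 1.1.2. Suggest either showing a second snippet for the 1.x case or stating next to this one that it is the 2.0.0 path only. The advisory also lists only Yarp.ReverseProxy as the affected package, so it would help to say whether the Yarp.Telemetry.Consumption bump is required for the fix or is there to keep the two packages on matching versions.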

or by selecting 2.0.1 in the NuGet UI inside Visual Studio (Manage NuGet Packages / Updates).
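
An added example, not part of the advisory or the YARP project: a Python check that reads a project file and classifies each Yarp.ReverseProxy entry against the affected versions listed above (<= 1.1.1 and 2.0.0). The function names and the sample project are constructed for illustration; the check also reads PackageVersion entries (NuGet central package management) and sends anything that is not a plain numeric version to manual review.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "yarp.reverseproxy"  # NuGet package ids are case-insensitive

def classify(version):
    """Classify a version string against the advisory's ranges (<= 1.1.1, 2.0.0)."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version.strip())
    if not m:
        # Ranges, wildcards, MSBuild properties, pre-release tags, or no version
        # at all: the advisory does not cover these, so leave them to a person.
        return "review"
    v = tuple(int(part or 0) for part in m.groups())  # "2.0" is the same as 2.0.0
    if v <= (1, 1, 1) or v == (2, 0, 0):
        return "affected"
    return "not_affected"

def local(tag):
    """Strip an XML namespace so old-style project files with xmlns still match."""
    return tag.split("}")[-1]

def find_yarp(project_xml):
    """Return [(element, version, verdict)] for each Yarp.ReverseProxy entry."""
    results = []
    for el in ET.fromstring(project_xml).iter():
        if local(el.tag) not in ("PackageReference", "PackageVersion"):
            continue
        name = el.get("Include") or el.get("Update") or ""
        if name.lower() != PACKAGE:
            continue
        version = el.get("Version")
        if version is None:  # Version may be a child element instead of an attribute
            child = next((c for c in el if local(c.tag) == "Version"), None)
            version = (child.text or "") if child is not None else ""
        results.append((local(el.tag), version, classify(version)))
    return results

# Constructed sample project file, mirroring the "before" state in the advisory.
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="Yarp.ReverseProxy" Version="2.0.0" />
    <PackageReference Include="Yarp.Telemetry.Consumption" Version="2.0.0" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for element, version, verdict in find_yarp(SAMPLE):
        print(f"{element} Yarp.ReverseProxy {version or '(none)'}: {verdict}")
```

A "review" verdict means the file alone does not settle the resolved version, for example when the version comes from an MSBuild property or from a separate Directory.Packages.props file.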

References

CVE-2023-33141

Severity

Moderate

CVE ID

CVE-2023-33141

Weaknesses

No CWEs