CVE Details
| CVE ID |
Severity |
Affected Package |
Installed Version |
Fixed Version |
Date Published |
Date of Scan |
| CVE-2025-55315 |
CRITICAL |
Microsoft.AspNetCore.App.Runtime.linux-x64 |
9.0.9 |
10.0.0-rc.2.25502.107, 9.0.10, 8.0.21 |
2025-10-14T17:15:44.96Z |
2025-11-07T10:18:18.627065054Z |
Affected Docker Images
| Image Name |
SHA |
public.ecr.aws/lambda/dotnet:latest |
public.ecr.aws/lambda/dotnet@sha256:79d80af018618231f3e5c59df8a0672b1914e40a6cb0740170987400e04a99f1 |
public.ecr.aws/lambda/dotnet:10-preview |
public.ecr.aws/lambda/dotnet@sha256:15519e930055d71775c17f62cf4410884808b357391597a2c3ef6d4f1bf29352 |
public.ecr.aws/lambda/dotnet:9 |
public.ecr.aws/lambda/dotnet@sha256:79d80af018618231f3e5c59df8a0672b1914e40a6cb0740170987400e04a99f1 |
public.ecr.aws/lambda/dotnet:8 |
public.ecr.aws/lambda/dotnet@sha256:c48f1dccf5e15c52d3ff2685a4627bbe3ce09177b7e5480c0c12e0f5b1d75269 |
Description
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Remediation Steps
- Update the affected package
Microsoft.AspNetCore.App.Runtime.linux-x64 from version 9.0.9 to 10.0.0-rc.2.25502.107, 9.0.10, 8.0.21.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.
