CVE Details
| CVE ID |
Severity |
Affected Package |
Installed Version |
Fixed Version |
Date Published |
Date of Scan |
| CVE-2025-55315 |
CRITICAL |
Microsoft.AspNetCore.App.Runtime.linux-x64 |
9.0.9 |
10.0.0-rc.2.25502.107, 9.0.10, 8.0.21 |
2025-10-14T17:15:44.96Z |
2025-10-15T10:18:18.85980241Z |
Affected Docker Images
| Image Name |
SHA |
public.ecr.aws/lambda/dotnet:latest |
public.ecr.aws/lambda/dotnet@sha256:2f5f8cefa06decf77f044d2e2547a3796d32e36d1074e9af342cca3f431db761 |
public.ecr.aws/lambda/dotnet:10-preview |
public.ecr.aws/lambda/dotnet@sha256:42082beb8d59e791623981f894ecfb9286413178fd2541ccb8c85488b66fac28 |
public.ecr.aws/lambda/dotnet:9 |
public.ecr.aws/lambda/dotnet@sha256:2f5f8cefa06decf77f044d2e2547a3796d32e36d1074e9af342cca3f431db761 |
public.ecr.aws/lambda/dotnet:8 |
public.ecr.aws/lambda/dotnet@sha256:df95ced9d1b4e777fd23379b2cc9ca5f50df5fd7f915c5a79c1c124a05e24ab0 |
Description
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Remediation Steps
- Update the affected package
Microsoft.AspNetCore.App.Runtime.linux-x64 from version 9.0.9 to 10.0.0-rc.2.25502.107, 9.0.10, 8.0.21.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.
