Description
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469
Scores
CVSS v3
7.5
EPSS
0.0619
EPSS Percentile
90.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-434
Status
published
Products (2)
microsoft/bond
9.0.1
nuget/Bond.Core.CSharp
3.0.0 - 9.0.1NuGet
Published
Jul 14, 2020
Tracked Since
Feb 18, 2026