ServiceStack

NuGet2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting ServiceStackpage 1 of 1

CVE-2019-1010199MEDIUMCVSS 6.1EG 6.1✓ Fixed in 5.2.0
2019-07-23
vulnerable: 4.5.14, 5.0.0, 5.0.2, 5.1.0
ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is pro…
CVE-2020-28042MEDIUMCVSS 5.3EG 5.3✓ Fixed in 5.9.2
2020-11-02
vulnerable: 2.2.2 ... 5.9.0 (186 versions)
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.

Check whether ServiceStack is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ServiceStack CVEs against the assets you own.

Start Free Scan →