Security Update: PowerShell Universal and .NET SDK CVE 2023 21538

PowerShell Universal

January 11, 2023

quote Discuss this Article

Overview

PowerShell Universal 3.x is affected by CVE-2023-21538 in the .NET SDK. Please update to PowerShell Universal 3.7.2 or later.

Download Now

About CVE-2023-21538

CVE-2023-21538 is a Denial of Service Vulnerability that is present in .NET SDK 6.0.404 or earlier. PowerShell Unviersal 3.x is built on .NET 6. Due to this dependency, PowerShell Universal is also affected by this CVE.

You can learn more about the CVE from Microsoft and their blog post

Affected Versions

All versions of PowerShell Universal 3.x prior to 3.7.2

PowerShell Universal 2.x was built by .NET SDK 5.0 and is not part of this CVE.

Remediation

Upgrade to PowerShell Universal 3.7.2 or later.

Timeline

Questions

Please contact Ironman Software support.