An infinite loop was found in the HTTP Routing component of Microsoft.AspNetCore.App, which could be exploited by a remote, unauthenticated attacker. This flaw allows an attacker without special privileges to send crafted requests to a machine running an ASP.NET Core application, triggering the infinite loop and causing a denial of service in that application, for example, a web server.