.NET Core is vulnerable to denial of service (DoS). It is due to lack of timeouts enforcement for regular expressions.
access.redhat.com/errata/RHSA-2019:1236
access.redhat.com/errata/RHSA-2019:1259
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1654863
bugzilla.redhat.com/show_bug.cgi?id=1678932
bugzilla.redhat.com/show_bug.cgi?id=1703479
bugzilla.redhat.com/show_bug.cgi?id=1703508
bugzilla.redhat.com/show_bug.cgi?id=1704454
bugzilla.redhat.com/show_bug.cgi?id=1704934
bugzilla.redhat.com/show_bug.cgi?id=1705147
bugzilla.redhat.com/show_bug.cgi?id=1705259
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981