This repository has been archived by the owner on Nov 23, 2024. It is now read-only.
CVE-2024-41132 (Medium) detected in sixlabors.imagesharp.2.1.7.nupkg #226
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
CVE-2024-41132 - Medium Severity Vulnerability
A new, fully featured, fully managed, cross-platform, 2D graphics API for .NET
Library home page: https://api.nuget.org/packages/sixlabors.imagesharp.2.1.7.nupkg
Path to dependency file: /samples/AlloySampleSite/AlloySampleSite.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/2.1.7/sixlabors.imagesharp.2.1.7.nupkg
Dependency Hierarchy:
Found in HEAD commit: 0e0087b467c4ed763a30c97a534f9016c087f689
Found in base branch: main
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
Publish Date: 2024-07-22
URL: CVE-2024-41132
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-41132
Release Date: 2024-07-22
Fix Resolution: SixLabors.ImageSharp - 2.1.9,3.1.5
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: