CVE-2024-41132 (Medium) detected in sixlabors.imagesharp.2.1.7.nupkg #334
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2024-41132 - Medium Severity Vulnerability
A new, fully featured, fully managed, cross-platform, 2D graphics API for .NET
Library home page: https://api.nuget.org/packages/sixlabors.imagesharp.2.1.7.nupkg
Path to dependency file: /optimizely/samples/AlloySampleSite/AlloySampleSite.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/2.1.7/sixlabors.imagesharp.2.1.7.nupkg
Dependency Hierarchy:
Found in HEAD commit: 06f898487e37c324749f8625ef95f65e5e90a1bf
Found in base branch: master
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
Publish Date: 2024-07-22
URL: CVE-2024-41132
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-41132
Release Date: 2024-07-22
Fix Resolution: SixLabors.ImageSharp - 2.1.9,3.1.5
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: