SixLabors.ImageSharp 3.1.4 vulnerable - Githubissues

DevToys-app / DevToys

A Swiss Army knife for developers.

https://devtoys.app/

MIT License

26.94k stars 1.45k forks source link

SixLabors.ImageSharp 3.1.4 vulnerable #1410

Open jerone opened 2 weeks ago

jerone commented 2 weeks ago

Current behavior

DevToys.Api dependency SixLabors.ImageSharp version 3.1.4 is vulnerable:

Severity 1 - https://github.com/advisories/GHSA-qxrv-gp6x-rc23
Severity 2 - https://github.com/advisories/GHSA-63p8-c4ww-9cg7

How to reproduce it (as minimally and precisely as possible)

No response

Expected behavior

No vulnerabilities.

Screenshots

No response

Workaround

No response

Affected platforms

No response

Affected DevToys kind

DevToys (app with GUI), DevToys CLI

DevToys Version

DevToys.Api.2.0.5-preview

Relevant Assets/Logs

No response

jerone commented 1 week ago

Ping @veler for these vulnerabilities.