Closed VILLAN3LL3 closed 2 months ago
The current latest ImageSharp.Web version is v3.1.2
this requires ImageSharp v3.1.4
. This was released over 3 months ago.
https://www.nuget.org/packages/SixLabors.ImageSharp.Web/3.1.2
I apologize for any inconvenience. The vulnerability does not come from this package, but from QRCoder-ImageSharp
- I had seen that wrong yesterday. :-(
Prerequisites
DEBUG
andRELEASE
modeImageSharp.Web version
3.1.2
Other Six Labors packages and versions
[,2.1.7) [3.0.0,3.1.3)
Environment (Operating system, version and so on)
N/A
.NET version
8.0
Description
There is an open Snyk Issue (vulnerability) for months now:
CVE-2024-27929 CWE-416 Severity: HIGH Details: https://security.snyk.io/vuln/SNYK-DOTNET-SIXLABORSIMAGESHARP-6394504 Since: 03/2004
How to fix: Upgrade SixLabors.ImageSharp to version 2.1.7, 3.1.3 or higher.
Are you planning to execute the required update soon? Thank you!
Steps to Reproduce
N/A
Images
No response