SixLabors / ImageSharp.Web

High Performance Image Processing Middleware for ASP.NET Core.
https://sixlabors.com/products/imagesharp-web/

Open Snyk Issue with high severity for several months #372

Closed VILLAN3LL3 closed 2 months ago

VILLAN3LL3 commented 2 months ago

Prerequisites

ImageSharp.Web version

3.1.2

Other Six Labors packages and versions

[,2.1.7) [3.0.0,3.1.3)

Environment (Operating system, version and so on)

N/A

.NET version

8.0

Description

There has been an open Snyk issue (vulnerability) for months now:

CVE-2024-27929
CWE-416
Severity: HIGH
Details: https://security.snyk.io/vuln/SNYK-DOTNET-SIXLABORSIMAGESHARP-6394504
Since: 03/2004
How to fix: Upgrade SixLabors.ImageSharp to version 2.1.7, 3.1.3 or higher.

Are you planning to execute the required update soon? Thank you!

Steps to Reproduce

N/A

Images

No response

JimBobSquarePants commented 2 months ago

The current latest ImageSharp.Web version is v3.1.2; this requires ImageSharp v3.1.4. This was released over 3 months ago.

https://www.nuget.org/packages/SixLabors.ImageSharp.Web/3.1.2

VILLAN3LL3 commented 2 months ago

I apologize for any inconvenience. The vulnerability does not come from this package, but from QRCoder-ImageSharp - I had seen that wrong yesterday. :-(
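Added example, not part of the thread or of the project's code: the ranges posted in the report, `[,2.1.7) [3.0.0,3.1.3)`, are in NuGet interval notation, and checking the resolved SixLabors.ImageSharp version of each referencing package against them shows which dependency a scanner finding actually belongs to. It assumes those ranges are the advisory's affected ranges (they match the quoted fix versions); the second package name in the sample input is a constructed placeholder.

```python
import re

# Ranges as posted in the issue; assumed to be the advisory's affected ranges
# for SixLabors.ImageSharp (consistent with the fix versions 2.1.7 / 3.1.3).
AFFECTED = "[,2.1.7) [3.0.0,3.1.3)"

def parse_version(text):
    """Turn '3.1.4' into (3, 1, 4, 0). Pre-release suffixes are not handled."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def parse_ranges(spec):
    """Parse space-separated NuGet intervals such as '[,2.1.7)'.

    Returns (low, low_inclusive, high, high_inclusive) tuples; an empty bound
    means unbounded. The exact-version form '[1.0.0]' is not handled.
    """
    pattern = r"([\[(])\s*([\d.]*)\s*,\s*([\d.]*)\s*([\])])"
    ranges = []
    for open_b, low, high, close_b in re.findall(pattern, spec):
        ranges.append((
            parse_version(low) if low else None, open_b == "[",
            parse_version(high) if high else None, close_b == "]",
        ))
    return ranges

def is_affected(version, spec=AFFECTED):
    """True if the version falls inside any of the affected intervals."""
    v = parse_version(version)
    for low, low_incl, high, high_incl in parse_ranges(spec):
        above = low is None or v > low or (low_incl and v == low)
        below = high is None or v < high or (high_incl and v == high)
        if above and below:
            return True
    return False

def audit(resolved):
    """Map each referencing package to whether its ImageSharp version is affected."""
    return {name: is_affected(ver) for name, ver in resolved.items()}

if __name__ == "__main__":
    # Constructed input: referencing package -> resolved SixLabors.ImageSharp version.
    sample = {
        "SixLabors.ImageSharp.Web 3.1.2": "3.1.4",   # version stated in the thread
        "example-transitive-package": "2.1.3",        # constructed placeholder
    }
    for package, affected in audit(sample).items():
        print(f"{package}: {'AFFECTED' if affected else 'ok'}")
```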