fgilde / MudBlazor.Extensions

MudBlazor.Extensions from https://www.mudex.org is a small extension for MudBlazor from https://mudblazor.com
http://www.mudex.org
MIT License

[Bug]: SixLabors.ImageSharp minimum package version upgrade due to security vulnerability #100

Closed benjaminalley closed 4 months ago

benjaminalley commented 4 months ago

Contact Details

alleyben114@gmail.com

What happened?

There is a package vulnerability in SixLabors.ImageSharp v3.1.4.

Per Veracode, "SixLabors.ImageSharp [v3.1.4] is vulnerable to an Out-of-bounds Write. The vulnerability is due to minCodeSize in the DecodePixels method within the ImageSharp gif decoder, which allows an attacker to crash the application using a specially crafted gif."

Expected Behavior

Veracode states that v3.1.5 is currently considered safe and fixes this issue. The fix would be to set the minimum required version of SixLabors.ImageSharp to >=3.1.5.

Screenshots

No response

Reproduction link

No response

What application type are you referring to?

ServerRendered

Custom Application Type

No response

MudBlazor.Extension Version

2.0.2

MudBlazor Version

7.3.0

What .net Version are you using?

.Net8

What browser are you using?

Chrome

Sample Solution

No response

Pull Request

No response

Code of Conduct
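For consumers who receive SixLabors.ImageSharp only transitively, the check below is an added example (not part of the original issue or the project's code) that flags every resolved copy older than the 3.1.5 version named in the report. It assumes the report JSON has the shape produced by `dotnet list package --include-transitive --format json`; the sample report and project paths are constructed.

```python
import json

PACKAGE = "SixLabors.ImageSharp"
MIN_SAFE = (3, 1, 5, 0, 1)  # 3.1.5 stable: the version the issue reports as fixed

# Constructed sample, shaped like the JSON report of
# `dotnet list package --include-transitive --format json` (assumed shape).
SAMPLE_REPORT = """
{"version": 1, "projects": [
  {"path": "App.Server/App.Server.csproj", "frameworks": [{"framework": "net8.0",
    "topLevelPackages": [{"id": "MudBlazor.Extensions",
                          "requestedVersion": "2.0.2", "resolvedVersion": "2.0.2"}],
    "transitivePackages": [{"id": "SixLabors.ImageSharp", "resolvedVersion": "3.1.4"}]}]},
  {"path": "App.Admin/App.Admin.csproj", "frameworks": [{"framework": "net8.0",
    "topLevelPackages": [{"id": "MudBlazor.Extensions",
                          "requestedVersion": "2.0.3", "resolvedVersion": "2.0.3"}],
    "transitivePackages": [{"id": "sixlabors.imagesharp", "resolvedVersion": "3.1.5"}]}]}
]}
"""

def parse_version(text):
    """Map a NuGet version string to a comparable tuple.

    Four numeric parts (missing ones are 0) plus a flag that sorts a
    prerelease such as 3.1.5-beta.1 below the stable 3.1.5.
    """
    core, _, prerelease = text.split("+")[0].partition("-")
    parts = [int(p) for p in core.split(".")][:4]
    parts += [0] * (4 - len(parts))
    return tuple(parts + [0 if prerelease else 1])

def find_outdated(report_text, package=PACKAGE, min_safe=MIN_SAFE):
    """Return (project, framework, kind, version) for each copy below min_safe."""
    hits = []
    for project in json.loads(report_text).get("projects", []):
        for fw in project.get("frameworks", []):
            for kind in ("topLevelPackages", "transitivePackages"):
                for pkg in fw.get(kind, []):
                    # NuGet package ids are case-insensitive.
                    if pkg["id"].lower() != package.lower():
                        continue
                    if parse_version(pkg["resolvedVersion"]) < min_safe:
                        hits.append((project["path"], fw["framework"],
                                     kind, pkg["resolvedVersion"]))
    return hits

if __name__ == "__main__":
    for hit in find_outdated(SAMPLE_REPORT):
        print("outdated:", *hit)
```

A project that cannot yet move to a fixed MudBlazor.Extensions release can add a direct `PackageReference` to SixLabors.ImageSharp 3.1.5, since a direct reference takes precedence over the transitively resolved version.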

fgilde commented 4 months ago

Thanks for reporting, will change it after my vacation ASAP.

fgilde commented 4 months ago

It is changed in 2.0.3.

benjaminalley commented 3 months ago

Thank you for fixing that!