Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mimekit has vulnerable dependency that can lead to denial of service #140

Open
danielwspie opened this issue Sep 26, 2024 · 4 comments
Open

Mimekit has vulnerable dependency that can lead to denial of service #140

danielwspie opened this issue Sep 26, 2024 · 4 comments

Comments

@danielwspie
Copy link

danielwspie commented Sep 26, 2024
edited
Loading

GHSA-gmc6-fwg3-75m5

Serilog.Sinks.Email (v4.0.0)
└─ MailKit (v4.6.0)
└─ MimeKit (v4.6.0)
@jwalz-hunter
Copy link

Any update on this?

@iwhp iwhp mentioned this issue Nov 25, 2024
Open
@romovs
Copy link

romovs commented Dec 3, 2024

Are there any plans to officially release a new version with #143 merged? Mentioned vulnerability is of high severity

@Amir-Ageez
Copy link

Any updates, please?

@Kissaki
Copy link

Kissaki commented Dec 9, 2024

For your consideration:

As a workaround, you can install the vulnerable transient dependencies explicitly in a newer non-vulnerable version. The newer versions are compatible. NuGet will resolve the newer versions, and MimeKit will use those.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Kissaki @romovs @Amir-Ageez @danielwspie @jwalz-hunter