Headline

GHSA-gmc6-fwg3-75m5: Mimekit has vulnerable dependency that can lead to denial of service

Summary

Denial of service vulnerability.

Details

See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/announcements/issues/312

PoC

Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated

Impact

Denial of service vulnerability. Affects MimeKit (>= v3.0.0 and <= v4.7.0) when used to decrypt or verify incoming S/MIME messages as well as importing 3rd-party X.509 certificates for use with encrypting outgoing S/MIME messages.

3 months ago

ghsa

Open in Source

#vulnerability #dos #js #git

Package

nuget MimeKit (NuGet)

Affected versions

>= 3.0.0, < 4.7.1

Patched versions

4.7.1

Description

Summary

Denial of service vulnerability.

Details

See: GHSA-447r-wph3-92pm and dotnet/announcements#312

PoC

Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated

Impact

References

GHSA-gmc6-fwg3-75m5
dotnet/announcements#312
jstedfast/MimeKit@aef4eda
GHSA-447r-wph3-92pm

jstedfast published to jstedfast/MimeKit

Jul 11, 2024

Published to the GitHub Advisory Database

Jul 11, 2024

Reviewed

Jul 11, 2024

Last updated

Jul 11, 2024

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

9 hours ago

ghsa

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

9 hours ago

ghsa

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

9 hours ago

ghsa

GHSA-2w5v-x29g-jw7j: Hashicorp Nomad Incorrect Authorization vulnerability

9 hours ago

ghsa

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

13 hours ago

ghsa