Headline

GHSA-gmc6-fwg3-75m5: Mimekit has vulnerable dependency that can lead to denial of service

Summary

Denial of service vulnerability.

Details

See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/announcements/issues/312

PoC

Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated

Impact

Denial of service vulnerability. Affects MimeKit (>= v3.0.0 and <= v4.7.0) when used to decrypt or verify incoming S/MIME messages as well as importing 3rd-party X.509 certificates for use with encrypting outgoing S/MIME messages.

4 months ago

ghsa

Open in Source

#vulnerability #dos #js #git

Package

nuget MimeKit (NuGet)

Affected versions

>= 3.0.0, < 4.7.1

Patched versions

4.7.1

Description

Summary

Denial of service vulnerability.

Details

See: GHSA-447r-wph3-92pm and dotnet/announcements#312

PoC

Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated

Impact

References

GHSA-gmc6-fwg3-75m5
dotnet/announcements#312
jstedfast/MimeKit@aef4eda
GHSA-447r-wph3-92pm

jstedfast published to jstedfast/MimeKit

Jul 11, 2024

Published to the GitHub Advisory Database

Jul 11, 2024

Reviewed

Jul 11, 2024

Last updated

Jul 11, 2024

ghsa: Latest News

GHSA-qg5g-gv98-5ffh: rustls network-reachable panic in `Acceptor::accept`

2 hours ago

ghsa

GHSA-rjjv-87mx-6x3h: @sveltejs/kit vulnerable to on dev mode 404 page

4 hours ago

ghsa

GHSA-mh2x-fcqh-fmqv: @sveltejs/kit has unescaped error message included on error page

4 hours ago

ghsa

GHSA-5xr6-xhww-33m4: Artifact poisoning vulnerability in action-download-artifact v5 and earlier

4 hours ago

ghsa

GHSA-7f6p-phw2-8253: Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws

4 hours ago

ghsa