Vulnerability Information
Vulnerability Title
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
Vulnerability Description
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memory, triggering a `StackOverflowException` and causing the entire application process to terminate. Versions 15.1.1 and 16.1.1 fix the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Uncontrolled Recursion
Vulnerability Title
AutoMapper Security Vulnerability
Vulnerability Description
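AutoMapper is an open-source object mapping library from Lucky Penny Software LLC. AutoMapper versions prior to 15.1.1 and versions prior to 16.1.1 contain a security vulnerability. The vulnerability stems from not enforcing a default maximum depth limit when mapping deeply nested object graphs, which may lead to a stack overflow and denial of service.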
CVSS Information
N/A
Vulnerability Type
N/A