MessagePack

NuGet2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting MessagePackpage 1 of 1

CVE-2020-5234MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.1.90
2020-01-31
vulnerable: 2.0.107-alpha ... 2.1.80 (15 versions)
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and re…
CVE-2024-48924HIGHCVSS 8.7EG 0.0✓ Fixed in 3.0.214-rc.1
2024-10-17
vulnerable: 2.6.100-alpha ... 3.0.54-alpha (7 versions)
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consump…

Check whether MessagePack is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for MessagePack CVEs against the assets you own.

Start Free Scan →