Upgrade MessagePack to version 2.5.301, 3.1.7 or higher.
MessagePack is a MessagePack (MsgPack) serializer for C# (.NET, .NET Core, Unity, Xamarin).
Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the ExpandoObjectFormatter.Deserialize process. An attacker can cause excessive CPU consumption and memory allocation by submitting a large, attacker-controlled map with many distinct keys during deserialization, leading to server unresponsiveness or resource exhaustion. This is only exploitable if untrusted MessagePack maps are deserialized into ExpandoObject using ExpandoObjectResolver or related resolver options.
This vulnerability can be mitigated by avoiding deserialization of untrusted payloads into ExpandoObject, preferring strongly typed DTOs or dictionaries with security-aware comparers and explicit count limits, and enforcing request-size and map-entry limits at the transport or application layer.
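One way to apply these mitigations in application code, shown as an added example rather than code from the advisory or the MessagePack project. The `OrderRequest` type, the `UntrustedMsgPack` helper and both limits are assumptions chosen for illustration, and only the top-level map header is checked here.

```csharp
using System;
using MessagePack;

// Hypothetical DTO for this example; it replaces ExpandoObject as the target type.
[MessagePackObject(keyAsPropertyName: true)]
public sealed class OrderRequest
{
    public string Sku { get; set; } = "";
    public int Quantity { get; set; }
}

public static class UntrustedMsgPack
{
    // Assumed limits; size them to the largest legitimate request.
    private const int MaxPayloadBytes = 64 * 1024;
    private const int MaxMapEntries = 32;

    // UntrustedData turns on hash-collision-resistant comparers
    // and an object-graph depth limit.
    private static readonly MessagePackSerializerOptions Options =
        MessagePackSerializerOptions.Standard
            .WithSecurity(MessagePackSecurity.UntrustedData);

    public static OrderRequest Parse(ReadOnlyMemory<byte> payload)
    {
        if (payload.Length > MaxPayloadBytes)
            throw new MessagePackSerializationException("payload too large");

        // Read only the top-level header, so the declared entry count is
        // rejected before any key or value is materialized.
        var reader = new MessagePackReader(payload);
        if (reader.NextMessagePackType != MessagePackType.Map)
            throw new MessagePackSerializationException("expected a map");

        int declared = reader.ReadMapHeader();
        if (declared > MaxMapEntries)
            throw new MessagePackSerializationException(
                $"map declares {declared} entries, limit is {MaxMapEntries}");

        // Strongly typed target: no ExpandoObjectResolver in the options,
        // and keys that do not match a property are skipped.
        return MessagePackSerializer.Deserialize<OrderRequest>(payload, Options);
    }
}
```

The byte-size check belongs at the transport layer as well (for example a request body limit), so oversized payloads are dropped before they reach the serializer.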