4 matches found
GHSA-2F33-PR97-265Q MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies
Summary The parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary...
CVE-2026-48509
CVE-2026-48509 affects MessagePack for C# (ASP.NET Core MVC context). The issue is that, prior to versions 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter() uses default serializer options that resolve to Standard with MessagePackSecurity.TrustedData, which can cross HTTP trust bou...
CVE-2026-48509
MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for...
PT-2026-51393
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The parameterless MessagePackInputFormatter constructor uses default serializer options that resolve to MessagePackSerializerOptions.Standard wit...