
[GHSA-rvv3-g6hj-g44x] AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion #7227

Closed
mkarbowski-quilt wants to merge 1 commit into mkarbowski-quilt/advisory-improvement-7227 from mkarbowski-quilt-GHSA-rvv3-g6hj-g44x

Conversation

@mkarbowski-quilt

Updates

  • CVSS v3
  • Severity

Comments
Is this a joke? Breaking my CI for a common bug that's present in almost every tool that performs a similar task? This is an AI discovered issue that isn't an issue and literally has workarounds supported in the tool. This shouldn't even be a CVE.

@github
Collaborator

github commented Mar 24, 2026

Hi there @jbogard! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.

@github-actions github-actions bot changed the base branch from main to mkarbowski-quilt/advisory-improvement-7227 March 24, 2026 15:35
@jbogard

jbogard commented Mar 24, 2026

@mkarbowski-quilt I have a discussion specifically for this advisory here: LuckyPennySoftware/AutoMapper#4624

I detail there how to verify, patch, apply workarounds, suppress the warning etc.

The scores are automatically calculated by CVSS (not me).

@helixplant

Hi @mkarbowski-quilt,
We understand the frustration this may have caused. @jbogard has provided detailed rationale and verification/mitigation guidance in the linked discussion, and the severity is based on CVSS calculation. Based on this information, we’re inclined to agree with the assessment and scoring for this vulnerability. We will add LuckyPennySoftware/AutoMapper#4624 to the references of this advisory as requested in #7230.

@helixplant helixplant closed this Mar 25, 2026
@github-actions github-actions bot deleted the mkarbowski-quilt-GHSA-rvv3-g6hj-g44x branch March 25, 2026 18:53
4 participants