Open

Volo.Abp.Emailing Scriban Vulnerability (GHSA-grr9-747v-xvcp) - DoS Recursion in Email Templating #10543

maziz101 created 17 hours ago

Detected security warning in Scriban (transitive dep of Volo.Abp.Emailing). Infinite recursion on circular refs causes StackOverflow/DoS crash during object rendering in templates (e.g., Layout.tpl). Risky for email services with user-influenced data. Request:

Upgrade path/timeline for Scriban in next ABP release.
Config guidance for safe ObjectRecursionLimit.
Affected versions list.

Links:

GitHub Advisory: https://github.com/scriban/scriban/security/advisories/GHSA-grr9-747v-xvcp
OSV: https://github.com/ossf/osv.dev/blob/main/data/github/scriban/scriban/GHSA-grr9-747v-xvcp.json
Patch Commit: https://github.com/scriban/scriban/commit/a6fe6074199e5c04f4d29dc8d8e652b24d33e3e4

Prioritize for production security.

1 Answer(s)

0

maliming created 17 hours ago
Support Team Fullstack Developer

hi

Can you refer to: https://abp.io/support/questions/10541/SystemIdentityModelTokensJwt-6261-has-a-known-high-severity-vulnerability#answer-3a202f9f-4c50-529b-26b8-b28a076a4f77

Thanks

Have an answer to this question? Log in and write your answer.

Assignee

maliming

Question details

ABP Version (vX.X.X)

Database Management System

Tiered (MVC) or Auth Server Separated (Angular)

Labels

None yet

Boost Your Development

ABP Live Training
Packages

See Trainings

The Official Guide

Mastering
ABP Framework

Learn More

Made with ❤️ on ABP v10.3.0-preview. Updated on March 13, 2026, 12:51

ABP Assistant

🔐 You need to be logged in to use the chatbot. Please log in first.

Framework

Tools

Mobile

Startup Templates

UI

Modules