
Security vulnerabilities in ABP studio generated solution (blazor-webapp) #9905


mike3077 created

Hello!

Is there an official process for submitting security vulnerabilities that does not count against our allotted support questions?

ABP Studio 1.2.2, installed 9/16/2025 from Microsoft Store

  • Template: app
  • Created ABP Studio Version: 1.2.2
  • Current ABP Studio Version: 1.2.2
  • Tiered: Yes
  • Multi-Tenancy: Yes
  • UI Framework: blazor-webapp
  • Theme: leptonx
  • Theme Style: system
  • Theme Menu Placement: side
  • Run Install Libs: Yes
  • Database Provider: mongodb
  • Run Db Migrator: Yes
  • Mobile Framework: none
  • Public Website: Yes
  • Social Login: Yes
  • Include Tests: Yes
  • Kubernetes Configuration: Yes
  • Distributed Event Bus: rabbitmq
  • Use Local References: No
  • Optional Modules:
    • GDPR
    • FileManagement
    • TextTemplateManagement
    • LanguageManagement
    • AuditLogging
    • Chat
    • OpenIddictAdmin
  • Selected Languages: English, English (United Kingdom)
  • Default Language: English
  • Create Command: abp new AT1.Core -t app --tiered --ui-framework blazor-webapp --database-provider mongodb --theme leptonx --public-website --without-cms-kit --sample-crud-page --dont-run-bundling -chat -file-management
  1. MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
     • 'MessagePack 2.2.85' from AT1.Core.AuthServer
  2. SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks
     • 'SixLabors.ImageSharp 3.1.8' from AT1.Core.AuthServer
  3. ImageMagick
     • 'Magick.NET-Q16-AnyCPU 13.4.0' from AT1.Core.Web.Public

2 Answer(s)
  • AI-Bot created
    Support Team ABP Agent

    To submit security vulnerabilities for ABP Framework or ABP Studio without using your allotted support questions, you should send your findings directly via email to the ABP support team. This is the recommended and official process for responsible disclosure of security issues.

    Please email your vulnerability details to: support@abp.io
    Include relevant information such as the ABP Studio version, template, affected packages, and a description of the vulnerabilities. Reference your support ticket number if you have one, but security reports sent this way will not count against your support quota.

    Sources:

    • https://abp.io/support/questions/9147
    • https://abp.io/support/questions/8276

    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • maliming created
    Support Team Fullstack Developer

    hi

    We will upgrade these packages.

    Thanks.

Made with ❤️ on ABP v10.0.0-preview. Updated on September 18, 2025, 07:10