Vulnerable Library - automapper.12.0.0.nupkg
A convention-based object-object mapper.
Library home page: https://api.nuget.org/packages/automapper.12.0.0.nupkg
Path to dependency file: /MangoAPI.Presentation/MangoAPI.Presentation.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/automapper/12.0.0/automapper.12.0.0.nupkg
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-32933
Vulnerable Library - automapper.12.0.0.nupkg
A convention-based object-object mapper.
Library home page: https://api.nuget.org/packages/automapper.12.0.0.nupkg
Path to dependency file: /MangoAPI.Presentation/MangoAPI.Presentation.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/automapper/12.0.0/automapper.12.0.0.nupkg
Dependency Hierarchy:
- ❌ automapper.12.0.0.nupkg (Vulnerable Library)
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Found in base branch: main
Vulnerability Details
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memory, triggering a "StackOverflowException" and causing the entire application process to terminate. Versions 15.1.1 and 16.1.1 fix the issue.
Publish Date: 2026-03-20
URL: CVE-2026-32933
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2026-03-20
Fix Resolution: https://github.com/LuckyPennySoftware/AutoMapper.git - v16.1.1,https://github.com/LuckyPennySoftware/AutoMapper.git - v15.1.1
Step up your Open Source Security Game with Mend here
A convention-based object-object mapper.
Library home page: https://api.nuget.org/packages/automapper.12.0.0.nupkg
Path to dependency file: /MangoAPI.Presentation/MangoAPI.Presentation.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/automapper/12.0.0/automapper.12.0.0.nupkg
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - automapper.12.0.0.nupkg
A convention-based object-object mapper.
Library home page: https://api.nuget.org/packages/automapper.12.0.0.nupkg
Path to dependency file: /MangoAPI.Presentation/MangoAPI.Presentation.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/automapper/12.0.0/automapper.12.0.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Found in base branch: main
Vulnerability Details
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memory, triggering a "StackOverflowException" and causing the entire application process to terminate. Versions 15.1.1 and 16.1.1 fix the issue.
Publish Date: 2026-03-20
URL: CVE-2026-32933
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2026-03-20
Fix Resolution: https://github.com/LuckyPennySoftware/AutoMapper.git - v16.1.1,https://github.com/LuckyPennySoftware/AutoMapper.git - v15.1.1
Step up your Open Source Security Game with Mend here