The Epicgames.Horde still using 6.0.1 .NET version that has Denial of Service Vulnerability
GHSA-qj66-m88j-hmgj - OSV
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability · CVE-2024-43483 · GitHub Advisory Database
I am unable to upgrade it manually to the patched 6.0.2 version.
I encountered it too, when trying to remove the package or upgrade it - I keep getting compilation errors - any solution?
Unfortunately, we can’t do anything about it. And it’s Epic’s problem not ours. You can just ignore it. Mine still compile successfully.
Open D:\Games\UE_5.4\Engine\Source\Programs\Shared\EpicGames.Horde\EpicGames.Horde.csproj
and change version PackageReference Include=“Microsoft.Extensions.Caching.Memory” Version=“6.0.2”
Just made these changes, thanks!
You’ll also want to update Engine/Source/Programs/Shared/EpicGames.Horde.Tests/EpicGames.Horde.Tests.csproj
It’s referencing 6.0.1 as well
