The Epicgames.Horde still using 6.0.1 .NET version that has Denial of Service Vulnerability
GHSA-qj66-m88j-hmgj - OSV
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability · CVE-2024-43483 · GitHub Advisory Database
I am unable to upgrade it manually to the patched 6.0.2 version.
I encountered it too, when trying to remove the package or upgrade it - I keep getting compilation errors - any solution?
Unfortunately, we can’t do anything about it. And it’s Epic’s problem not ours. You can just ignore it. Mine still compile successfully.
Open D:\Games\UE_5.4\Engine\Source\Programs\Shared\EpicGames.Horde\EpicGames.Horde.csproj
and change version PackageReference Include=“Microsoft.Extensions.Caching.Memory” Version=“6.0.2”
Just made these changes, thanks!
You’ll also want to update Engine/Source/Programs/Shared/EpicGames.Horde.Tests/EpicGames.Horde.Tests.csproj
It’s referencing 6.0.1 as well
I have the same issue in 2025 and the changes are not working for my 5.3engine:(
same here, suddenly from one day to another VS is not building any longer with an NU1903 warning.
the suggested solution does not work as the version in EpicGames.Horde.csproj is already 6.02
still does not build from VS (with VS22 17.12.4, UE5.4.4)
Any help very much apreciated 
edit (update)… ok my bad !
if one clicks on this warning in the VS editor it opens some EpicHorde file, which contains the
line @ravendcode meant to be changed.
PackageReference Include=“Microsoft.Extensions.Caching.Memory” Version=“6.0.2”
if changed there - it then works. 
(i did mean above, the EpicGames.Horde.csproj manually found in the UE5.4 installation directory. That one had already the correct version, while what ever file it was in the VS editor did not…)
It works to me! Thanks very much!!!
