WolverineFx is vulnerable to Denial of Service (DoS)
53
Medium Risk
The message handler pipeline's last-resort exception handler in HandlerPipeline.InvokeAsync performs unguarded recovery work, acknowledging the failed envelope with CompleteAsync and logging the exception without protecting against failures in that recovery path. When an inbound message drives the application's deserialization into resource exhaustion such as an OutOfMemoryException, the acknowledgement and logging calls reallocate at the memory ceiling and rethrow, so the exception escapes the pipeline and faults the receiver loop. The listener stops and the host exits cleanly, which an orchestrator reads as a successful shutdown and restarts straight back into the same unacknowledged poison message, producing a persistent crash loop from a single message. The fix moves recovery into a guarded helper that contains secondary failures so the listener stays alive and keeps processing other messages.
You are affected if you are using a version that falls within the vulnerable range.
WolverineFx is vulnerable to Denial of Service (DoS) in versions 0.8.2 - 6.9.0.
Upgrade the WolverineFx library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant