Unknown · AutoMapper · CVE-2026-32933
**Name of the Vulnerable Software and Affected Versions**
AutoMapper versions prior to 15.1.1
AutoMapper versions prior to 16.1.1
**Description**
AutoMapper is susceptible to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the core mapping engine uses recursive method calls and applies no default maximum depth limit. An attacker who can supply a specially crafted object graph can exhaust the thread's stack memory: recursive attempts to map nested objects of the same type exceed the stack size, a `StackOverflowException` is raised, and the application process terminates. A proof of concept demonstrates the crash by creating a deeply nested "Circular" object graph and attempting to map it.
**Recommendations**
AutoMapper versions prior to 15.1.1: Implement a default `MaxDepth` for all mapping operations.
AutoMapper versions prior to 16.1.1: Implement a default `MaxDepth` for all mapping operations.
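
One way to apply the `MaxDepth` recommendation, shown as an added example that is not taken from the advisory or from the AutoMapper project. The types `Node` and `NodeDto`, the class `DepthLimitedMapping` and the limit of 32 are assumptions made for illustration; the example also adds an iterative depth check so that over-deep input is rejected before it reaches the mapper.

```csharp
using System;
using AutoMapper;

// Hypothetical self-referencing types, constructed for this example.
public class Node    { public Node Child { get; set; } }
public class NodeDto { public NodeDto Child { get; set; } }

public static class DepthLimitedMapping
{
    // Assumed limit; pick one that covers the deepest legitimate graph.
    public const int MaxGraphDepth = 32;

    // Hand this to the MapperConfiguration / AddAutoMapper setup
    // the application already uses.
    public static void Configure(IMapperConfigurationExpression cfg)
    {
        // MaxDepth caps how many nested levels of this map are followed.
        cfg.CreateMap<Node, NodeDto>().MaxDepth(MaxGraphDepth);
    }

    // Iterative walk (no recursion), so the guard itself cannot exhaust
    // the stack. A graph that loops back on itself also ends here,
    // because the counter passes the limit.
    public static bool ExceedsDepth(Node root, int limit)
    {
        int depth = 0;
        for (Node n = root; n != null; n = n.Child)
        {
            if (++depth > limit) return true;
        }
        return false;
    }

    // Reject oversized input before it reaches the recursive mapper.
    public static NodeDto MapChecked(IMapper mapper, Node source)
    {
        if (ExceedsDepth(source, MaxGraphDepth))
            throw new ArgumentException(
                "Object graph is nested too deeply to map.", nameof(source));
        return mapper.Map<NodeDto>(source);
    }
}
```

The guard matters because a `StackOverflowException` terminates the process, as the description states, so the depth has to be bounded before mapping starts rather than handled afterwards.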