
Reference to PeterO.Cbor version which contains a public advisory

Open timesscar opened this issue 3 years ago • 2 comments

Hello,

During a review of the DSInternals code, this advisory was found. The relevant commit that addresses it is here and is found in versions > 4.5 of the NuGet.

Please advise if you would prefer for me to submit a PR with a NuGet version bump or otherwise.

Thanks!

Matt

timesscar, Feb 11 '22 21:02

I just noticed that Dependabot automatically submitted a PR for the fix, https://github.com/MichaelGrafnetter/DSInternals/pull/138 for reference.

timesscar, Feb 11 '22 21:02

Yes, upgrading to a new version of the library is on my TODO list. On the other hand, it is currently only used for parsing values generated by Microsoft's code in Azure AD, so I don't expect any malicious intent there.

MichaelGrafnetter, Feb 13 '22 07:02

Fixed in release 4.8.

MichaelGrafnetter, Dec 06 '22 13:12