aspnetcore icon indicating copy to clipboard operation
aspnetcore copied to clipboard

Published 20 hours ago verified publisher icon dotnet

The referenced MessagePack has a known vulnerability

Open davesmits opened this issue 1 year ago • 0 comments

In https://github.com/dotnet/aspnetcore/blob/4b8269fca79f95dc28c0c03546f941e86f663c15/eng/Versions.props#L297 the reference to MessagePack is a version (2.5.108) with a known vulnerability https://osv.dev/vulnerability/GHSA-4qm4-8hg2-g2xm

I noticed the .NET 9RC2 still links this package with vulnerability. Is the reference going to be updated to version where this is fixed? (>= 2.5.187)?

davesmits avatar Oct 20 '24 19:10 davesmits