dotnet-env icon indicating copy to clipboard operation
dotnet-env copied to clipboard

Published 20 hours ago verified publisher icon tonerdo

Vulnerability issue v2.3.0

Open artkamote opened this issue 3 years ago • 1 comments

Hi guys.

I got vulnerability issue CVE-2019-0820 on v2.3.0

image

artkamote avatar Jan 21 '22 16:01 artkamote

Sprache is unlikely to get updated soon for this, but we can watch for it: https://www.nuget.org/packages/Sprache

In the meantime, the only risk here is if you put malicious text into your own .env files, since no user input gets sent to sprache, just these files.

rogusdev avatar Jan 23 '22 16:01 rogusdev