Improper Handling of Exceptional Conditions in Newtonsoft.Json

Open tomkirbygreen opened this issue 2 years ago • 2 comments

Security vulnerabilities in Newtonsoft.Json < 13.0.1

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. Exploiting this vulnerability results in Denial Of Service (DoS), and it is exploitable when an attacker sends 5 requests that cause SOE in time frame of 5 minutes.

┆Issue is synchronized with this Jira Bug by Unito

tomkirbygreen avatar Jun 27 '22 09:06 tomkirbygreen
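
Added example, not part of the issue and not ably-dotnet's own code: for builds that cannot yet take 13.0.1, the nesting depth can be bounded explicitly on older Newtonsoft.Json versions. `SafeJson`, `MaxJsonDepth` and the sample inputs are assumptions made for illustration; 64 is the default `MaxDepth` that Newtonsoft.Json adopted in 13.0.1.

```csharp
using System;
using System.IO;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

public static class SafeJson
{
    // Assumed limit: matches the default Newtonsoft.Json introduced in 13.0.1.
    private const int MaxJsonDepth = 64;

    // Call once at startup so JsonConvert.* calls made without explicit
    // settings are depth-bounded as well.
    public static void InstallDefaults() =>
        JsonConvert.DefaultSettings =
            () => new JsonSerializerSettings { MaxDepth = MaxJsonDepth };

    // JToken.Parse does not consult JsonConvert.DefaultSettings, so the
    // limit is set on the reader itself before any token tree is built.
    public static bool TryParse(string json, out JToken token)
    {
        token = null;
        try
        {
            using (var reader = new JsonTextReader(new StringReader(json))
                                    { MaxDepth = MaxJsonDepth })
            {
                token = JToken.ReadFrom(reader);
                return true;
            }
        }
        catch (JsonReaderException)
        {
            // Thrown for malformed JSON and when MaxDepth is exceeded.
            return false;
        }
    }

    public static void Main()
    {
        InstallDefaults();

        // Constructed sample inputs: one ordinary message, one nested
        // past the limit (200 levels) to show the reader rejecting it.
        string shallow = "{\"channel\":\"test\",\"data\":[1,2,3]}";
        string nested = new string('[', 200) + new string(']', 200);

        Console.WriteLine("shallow accepted: " + TryParse(shallow, out _));
        Console.WriteLine("nested accepted:  " + TryParse(nested, out _));
    }
}
```

Rejecting over-deep input at the reader yields a catchable `JsonReaderException` instead of a stack overflow, which .NET cannot catch and which terminates the process.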

➤ Tom Kirby-Green commented:

This builds with updated dependencies on Linux (.NET Core), Windows (.NET Core and .NET Framework) but fails when doing the iOS and Android Xamarin builds (both of which use the mono runtime).

ably-sync-bot avatar Jun 28 '22 10:06 ably-sync-bot

It's difficult to test failing builds/tests on the CI, so I installed Xamarin locally. Testing it out by looking at unknown errors.

sacOO7 avatar Jul 20 '22 13:07 sacOO7