[Library] AdaptiveCards .NET Library High Severity Vulnerability for Newtonsoft.Json Dependency

Open • MaddMugsy opened this issue 1 year ago • 0 comments

Target Platforms

Other

SDK Version

3.1

Application Name

Teams

Problem Description

There wasn't a great issue template to report this, so I chose the Rendering one, as the .NET Library package resides alongside the rendering packages. Forgive me if there was a better option to use.

Issue: Visual Studio is reporting a high severity vulnerability in Newtonsoft.Json 11.0.2, which is a dependency of this package for .NET FW and .NETStandard:

Package 'Newtonsoft.Json' 11.0.2 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr

Looks like Newtonsoft.Json 13.0.3 is being correctly applied to .NET 6, but not the other supported frameworks of the package.

Screenshots

image

Card JSON

{}

Sample Code Language

No response

Sample Code

No response

MaddMugsy • Aug 19 '24 19:08
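
Added example (not part of the original issue and not AdaptiveCards project code): a per-target-framework audit of a package's `.nuspec` dependency groups, which is where a split like the one reported above shows up. The sample nuspec and its framework names are constructed, and the 13.0.1 threshold is an assumption about the first release that fixes GHSA-5crp-9r3c-p9vr.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not the real AdaptiveCards .nuspec; framework names are assumptions.
SAMPLE_NUSPEC = """<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
  <metadata><dependencies>
    <group targetFramework=".NETFramework4.6.1">
      <dependency id="Newtonsoft.Json" version="11.0.2" />
    </group>
    <group targetFramework=".NETStandard2.0">
      <dependency id="Newtonsoft.Json" version="[11.0.2, )" />
    </group>
    <group targetFramework="net6.0">
      <dependency id="Newtonsoft.Json" version="13.0.3" />
    </group>
  </dependencies></metadata>
</package>"""

FIRST_PATCHED = (13, 0, 1)  # assumption: first release fixing GHSA-5crp-9r3c-p9vr


def local(tag):
    """Drop the XML namespace so any nuspec schema version matches."""
    return tag.rsplit("}", 1)[-1]


def min_version(spec):
    """Lower bound of a NuGet version or range, e.g. '11.0.2' or '[11.0.2, )'."""
    m = re.search(r"\d+(?:\.\d+)*", spec)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def vulnerable_groups(nuspec_xml, package="Newtonsoft.Json", fixed=FIRST_PATCHED):
    """Return {targetFramework: declared version} for groups resolving below `fixed`."""
    hits = {}
    for group in ET.fromstring(nuspec_xml).iter():
        if local(group.tag) != "group":
            continue
        for dep in group:
            if local(dep.tag) != "dependency" or dep.get("id", "").lower() != package.lower():
                continue
            low = min_version(dep.get("version", ""))
            if low is None or low < fixed:  # an unparseable range is flagged too
                hits[group.get("targetFramework", "(any)")] = dep.get("version", "")
    return hits


if __name__ == "__main__":
    print(vulnerable_groups(SAMPLE_NUSPEC))
```

NuGet resolves the lowest version that satisfies a declared dependency, so a flagged group means consumers on that framework get the old version unless they reference a newer Newtonsoft.Json directly.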