riskfirst.hateoas icon indicating copy to clipboard operation
riskfirst.hateoas copied to clipboard
verified publisher icon riskfirst

Information disclosure vulnerability exists in System.Security.Cryptography.Xml 4.5.0

Open ejarvi opened this issue 1 year ago • 0 comments

Actual

  • Nuget package RiskFirst.Hateoas 3.1.1 uses System.Security.Cryptography.Xml 4.5.0
  • Information disclosure vulnerability exists in System.Security.Cryptography.Xml 4.5.0

Expected

  • Upgrade Security.Cryptography.Xml from 4.5.0 to 4.7.1 to fix the vulnerability.

References

  • https://github.com/dotnet/aspnetcore/security/advisories/GHSA-vh55-786g-wjwj
  • https://www.nuget.org/packages/RiskFirst.Hateoas

ejarvi avatar Mar 28 '24 04:03 ejarvi