riskfirst.hateoas

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability

Open ejarvi opened this issue 1 year ago • 0 comments

Actual

  • NuGet package RiskFirst.Hateoas 3.1.1 uses Newtonsoft.Json 12.0.1
  • "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability" (CVE-2024-21907)

Expected

  • Upgrade Newtonsoft.Json from 12.0.1 to 13.0.1 to fix the vulnerability.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-21907
  • https://www.nuget.org/packages/RiskFirst.Hateoas

ejarvi, Mar 28 '24 04:03