twilio-csharp

Request to upgrade System.Text.RegularExpressions referenced in the sdk from 4.3.0 to 4.3.1.

Open vnagalingam opened this issue 3 years ago • 1 comments

Issue Summary

Running an SCA scan (Veracode) on the twilio-sharp package reports the following vulnerability:

  • Denial Of Service (DoS)
  • .NET Core is vulnerable to denial of service (DoS). It is due to lack of timeouts enforcement for regular expressions.
  • 7.0 High
  • Data Source: Public Disclosure
  • Vulnerability ID: CVE-2019-0820

Details

  • Affected Library: System.Text.RegularExpressions, NUGET, system.text.regularexpressions
  • Type: Transitive dependency
  • Affected Version In Use: 4.3.0
  • Released On: 15 Nov 2016 00:00AM GMT

Suggested Fix

This issue was fixed in version 4.3.1 of System.Text.RegularExpressions. That version is currently considered safe; we suggest that you upgrade to the fixed version.

Technical details:

  • twilio-csharp version: 5.71.0
  • csharp version: net5.0

vnagalingam, Feb 16 '22 14:02

This issue has been added to our internal backlog to be prioritized. Pull requests and +1s on the issue summary will help it move up the backlog.

childish-sambino, Feb 18 '22 16:02
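An added example, not part of the issue thread or of twilio-csharp: one way for a consuming project to confirm the scanner finding is to walk NuGet's restore output (`obj/project.assets.json`) and list the dependency chains that resolve System.Text.RegularExpressions below the fixed 4.3.1. The embedded JSON is a constructed excerpt, `Example.Intermediate` is a hypothetical package, and the `net5.0` target key is an assumption about how the restore names the framework.

```python
import json

# Constructed excerpt of obj/project.assets.json (NuGet restore output).
# "Example.Intermediate" is a hypothetical package; real graphs differ.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {"net5.0": {
    "Twilio/5.71.0": {"dependencies": {"Example.Intermediate": "1.0.0"}},
    "Example.Intermediate/1.0.0": {
      "dependencies": {"System.Text.RegularExpressions": "4.3.0"}},
    "System.Text.RegularExpressions/4.3.0": {"type": "package"}
  }},
  "project": {"frameworks": {"net5.0": {
    "dependencies": {"Twilio": {"target": "Package", "version": "[5.71.0, )"}}
  }}}
}
""")

TARGET = "System.Text.RegularExpressions"
FIXED = (4, 3, 1)  # fixed version named in the issue


def parse_version(text):
    """Turn '4.3.0' into (4, 3, 0); a prerelease suffix is ignored."""
    return tuple(int(p) for p in text.split("-")[0].split("."))


def find_vulnerable_chains(assets, framework):
    """Return (resolved_version, chains) if TARGET resolves below FIXED,
    otherwise (None, []). Each chain starts at a direct dependency."""
    libs = {}
    for key, info in assets["targets"][framework].items():
        name, version = key.split("/", 1)
        libs[name.lower()] = (name, version, info.get("dependencies", {}))
    hit = libs.get(TARGET.lower())
    if hit is None or parse_version(hit[1]) >= FIXED:
        return None, []
    chains = []

    def walk(name, path):
        entry = libs.get(name.lower())
        if entry is None or entry[0] in path:  # unresolved package or cycle
            return
        path = path + [entry[0]]
        if entry[0].lower() == TARGET.lower():
            chains.append(path)
            return
        for dep in entry[2]:
            walk(dep, path)

    for direct in assets["project"]["frameworks"][framework]["dependencies"]:
        walk(direct, [])
    return hit[1], chains
```

To use it on a real project, load the `obj/project.assets.json` produced by `dotnet restore` in place of `SAMPLE_ASSETS`; each returned chain shows which direct dependency pulls the old version in.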