[Bug]: CVE affecting legacy .NET versions, fix in main branch is unreleased · Issue #1782 · reactiveui/refit · GitHub
[Bug]: CVE affecting legacy .NET versions, fix in main branch is unreleased #1782
Closed
@derekm

Describe the bug 🐞

A CVE happened affecting .NET versions prior to .NET 8.0.6. GitHub's advisory

Force-upgrade to System.Text.Json 8.0.4 for legacy frameworks should be released as Refit 7.1.3.

Step to reproduce

  1. Include Refit in a new .NET project
  2. Security scan project
  3. See "HIGH" denial-of-service vulnerability

Reproduction repository

https://github.com/reactiveui/refit

Expected behavior

Recent releases should be free of HIGH vulns.

Screenshots 🖼️

No response

IDE

No response

Operating system

No response

Version

No response

Device

No response

Refit Version

7.1.2

Additional information ℹ️

Refit main branch force-upgrades to System.Text.Json 8.0.4 for netstandard2.0 or net462, and this should be released ASAP as Refit 7.1.3.
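
A consumer-side check for the condition this issue reports, added here as an example (it is not part of the issue and not Refit's code): it reads the `obj/project.assets.json` file that NuGet restore writes and lists each target framework where System.Text.Json resolves below 8.0.4. Assumptions: the `targets` / `Name/Version` layout of that file, that only the 8.x line is compared because 8.0.4 is the only fixed version the issue names, and a constructed sample whose versions are illustrative.

```python
import json
import sys

PACKAGE = "system.text.json"
FIXED = (8, 0, 4)  # version the issue names as the fix; only the 8.x line is checked (assumption)

# Constructed sample of obj/project.assets.json; versions are illustrative only.
SAMPLE_ASSETS = json.loads("""
{
  "version": 3,
  "targets": {
    ".NETFramework,Version=v4.6.2": {
      "Refit/7.1.2": {"type": "package"},
      "System.Text.Json/8.0.0": {"type": "package"}
    },
    ".NETStandard,Version=v2.0": {
      "Refit/7.1.2": {"type": "package"},
      "System.Text.Json/8.0.4": {"type": "package"}
    }
  }
}
""")

def parse_version(text):
    """'8.0.4' or '8.0.4-preview.1' -> (8, 0, 4); prerelease/build tags are ignored."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def find_unpatched(assets):
    """Return sorted (target, version) pairs where System.Text.Json 8.x resolves below FIXED."""
    hits = []
    for target, libs in assets.get("targets", {}).items():
        for key, info in libs.items():
            name, _, version = key.partition("/")
            if name.lower() != PACKAGE or info.get("type") != "package":
                continue
            parsed = parse_version(version)
            if parsed[0] == FIXED[0] and parsed < FIXED:
                hits.append((target, version))
    return sorted(hits)

if __name__ == "__main__":
    # Pass a real project.assets.json path, or run with no argument to use the sample.
    assets = SAMPLE_ASSETS
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            assets = json.load(fh)
    for target, version in find_unpatched(assets):
        print(f"{target}: System.Text.Json {version} is below 8.0.4")
    sys.exit(1 if find_unpatched(assets) else 0)
```

The non-zero exit code lets the script gate a CI step until a release carrying the upgrade is available or the project pins the package itself.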
