Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License
5.23k stars 4.58k forks

NuGet System.Text.Json has a vulnerability before 8.0.4 #45025

Closed chaparo closed 1 month ago

chaparo commented 1 month ago

https://github.com/Azure/azure-sdk-for-net/blob/442f867b186146a0fa292888d8a7b80a9dfd9db0/sdk/core/Azure.Core/src/Azure.Core.csproj#L28

github-actions[bot] commented 1 month ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

jsquire commented 1 month ago

@chaparo: CVE 2024-30105 was updated to amend the STJ versions flagged as vulnerable to include only 7.0.0 - 8.0.3. The Azure SDK packages, including Core, are using v4.7.2, which is not marked vulnerable.
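
The check described in the comment above (is the referenced System.Text.Json version inside the flagged 7.0.0 - 8.0.3 range?), as an added example that is not part of the thread or of the Azure SDK's code. It assumes an SDK-style project file without an XML namespace; the sample project content and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "System.Text.Json"
# Affected range as stated in the thread: 7.0.0 through 8.0.3 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (7, 0, 0), (8, 0, 3)

# Constructed sample project file (not the real Azure.Core.csproj).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="System.Text.Json" Version="4.7.2" />
    <PackageReference Include="System.Memory.Data" Version="1.0.2" />
  </ItemGroup>
  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
    <PackageReference Include="system.text.json">
      <Version>8.0.3</Version>
    </PackageReference>
  </ItemGroup>
</Project>"""


def parse_version(text):
    """Return (major, minor, patch) for a plain version string, else None."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?(?:[-+].*)?\s*", text or "")
    if not m:
        return None  # MSBuild property, range or floating version: review by hand
    return tuple(int(g or 0) for g in m.groups())


def classify(version_text):
    """Place a version string relative to the affected range."""
    v = parse_version(version_text)
    if v is None:
        return "unresolved"
    return "affected" if AFFECTED_MIN <= v <= AFFECTED_MAX else "not-affected"


def scan_project(xml_text, package=PACKAGE):
    """Return [(version_text, verdict)] for each direct reference to `package`."""
    findings = []
    for ref in ET.fromstring(xml_text).iter("PackageReference"):
        name = ref.get("Include") or ref.get("Update") or ""
        if name.lower() != package.lower():  # NuGet package ids are case-insensitive
            continue
        # Version may be an attribute or a child element.
        version = ref.get("Version") or ref.findtext("Version") or ""
        findings.append((version, classify(version)))
    return findings


if __name__ == "__main__":
    for version, verdict in scan_project(SAMPLE_CSPROJ):
        print(f"{PACKAGE} {version!r}: {verdict}")
```

This inspects direct references in the project file only; the version actually resolved, including transitive dependencies, is what `dotnet list package --include-transitive` reports.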

github-actions[bot] commented 1 month ago

Hi @chaparo. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

github-actions[bot] commented 1 month ago

Hi @chaparo, since you haven’t asked that we /unresolve the issue, we’ll close this out. If you believe further discussion is needed, please add a comment /unresolve to reopen the issue.