consider updating newtonsoft Json.NET to Version 13.0.2

DalSoft / DalSoft.RestClient

The C# REST Client - the only REST/ HTTP Client you will ever need

https://restclient.dalsoft.io

MIT License

217 stars 43 forks source link

consider updating newtonsoft Json.NET to Version 13.0.2 #109

Closed vitorrubio closed 2 weeks ago

vitorrubio commented 1 year ago

there is a issue in versions prior to 13.0.2 concerning default mx depth causing stack overflow exception and them a DOS.

there is also a dependabot pull request waiting for approval since 01/14/2023 https://github.com/DalSoft/DalSoft.RestClient/pull/108

sources: https://devhub.checkmarx.com/cve-details/Cx46691637-14e8/ https://github.com/JamesNK/Newtonsoft.Json/issues/2457 https://github.com/JamesNK/Newtonsoft.Json/pull/2462

DalSoft commented 2 weeks ago

I’ve been meaning to get organized with my side projects for a while, and finally got some time this weekend to do so. All outstanding dependabot PR's have been tested / merged, and a new package will be released Monday.