KirillOsenkov / MSBuildStructuredLog

A logger for MSBuild that records a structured representation of executed targets, tasks, property and item values.
MIT License
1.41k stars 188 forks

Security: Latest version pulls in System.Drawing with known security vulnerability #677

Closed by nschuessler 1 year ago

nschuessler commented 1 year ago

This package pulls in System.Drawing 4.7.0 which has a known security vulnerability (CVE-2021-24112). The dependency path is: Microsoft.Build.Framework (16.10.0) => System.Security.Permissions (4.7.0) => System.Windows.Extensions (4.7.0) => System.Drawing.Common (4.7.0).

Should upgrade to a newer version of Microsoft.Build.Framework.

KirillOsenkov commented 1 year ago

I published https://www.nuget.org/packages/MSBuild.StructuredLogger/2.1.820 which depends on MSBuild 17.5.0
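The dependency path quoted in the issue can be recovered mechanically from the `targets` section of NuGet's `obj/project.assets.json`. The following is an added example, not part of the thread or the project's code; the sample data is constructed to mirror the reported path, and the `net6.0` framework name and `Example.Unrelated` package are made up.

```python
import json

# Constructed sample: a trimmed "targets" section of obj/project.assets.json that
# mirrors the path reported in the issue. "net6.0" and Example.Unrelated are made up.
SAMPLE = json.loads("""{
  "targets": {"net6.0": {
    "Microsoft.Build.Framework/16.10.0": {"dependencies": {"System.Security.Permissions": "4.7.0"}},
    "System.Security.Permissions/4.7.0": {"dependencies": {"System.Windows.Extensions": "4.7.0"}},
    "System.Windows.Extensions/4.7.0": {"dependencies": {"System.Drawing.Common": "4.7.0"}},
    "System.Drawing.Common/4.7.0": {},
    "Example.Unrelated/1.0.0": {}
  }}
}""")


def paths_to(assets, package_id, version):
    """Return every dependency chain, per target framework, ending at package_id/version."""
    wanted = f"{package_id}/{version}".lower()
    results = []
    for tfm, libs in assets.get("targets", {}).items():
        # NuGet ids are case-insensitive: map lowercased id -> resolved "Id/version" key.
        resolved = {key.split("/")[0].lower(): key for key in libs}
        children = {
            key: [resolved[d.lower()] for d in info.get("dependencies", {}) if d.lower() in resolved]
            for key, info in libs.items()
        }
        depended_on = {c for kids in children.values() for c in kids}
        roots = [k for k in libs if k not in depended_on]  # nothing else pulls these in

        def walk(node, trail):
            if node in trail:  # guard against cycles in a malformed file
                return
            trail = trail + [node]
            if node.lower() == wanted:
                results.append((tfm, trail))
                return
            for child in children[node]:
                walk(child, trail)

        for root in roots:
            walk(root, [])
    return results


if __name__ == "__main__":
    for tfm, chain in paths_to(SAMPLE, "System.Drawing.Common", "4.7.0"):
        print(f"{tfm}: " + " => ".join(chain))
```

Pointing `json.load` at a real `obj/project.assets.json` after a restore shows which top-level reference has to be upgraded to drop the flagged package.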