MichaelGrafnetter / DSInternals

Directory Services Internals (DSInternals) PowerShell Module and Framework
https://www.dsinternals.com
MIT License

Reference to PeterO.Cbor version which contains a public advisory #140

Closed (timesscar closed 1 year ago)

timesscar commented 2 years ago

Hello,

During a review of the DSInternals code, this advisory was found. The relevant commit that addresses it is here and is found in versions > 4.5 of the NuGet.

Please advise if you would prefer for me to submit a PR with a NuGet version bump or otherwise.

Thanks!

Matt

timesscar commented 2 years ago

I just noticed that dependabot automatically submitted a PR for the fix, https://github.com/MichaelGrafnetter/DSInternals/pull/138 for reference.

MichaelGrafnetter commented 2 years ago

Yes, upgrading to a new version of the library is on my TODO list. On the other hand, it is currently only used for parsing values generated by Microsoft's code in Azure AD, so I don't expect any malicious intent there.

MichaelGrafnetter commented 1 year ago

Fixed in release 4.8.