Closed timesscar closed 1 year ago
I just noticed that dependabot automatically submitted a PR for the fix, https://github.com/MichaelGrafnetter/DSInternals/pull/138 for reference.
Yes, upgrading to a new version of the library is in my TODO list. On the other hand, it is currently only used for parsing values generated by Microsoft's code in Azure AD, so I don't expect any malicious intent there.
Fixed in release 4.8.
Hello,
During a review of the DsInternals code, this advisory was found. The relevant commit that addresses it is here and is found in versions > 4.5 of the nuget.
Please advise if you would prefer for me to submit a PR with a nuget version bump or otherwise.
Thanks!
Matt