ZiggyCreatures / FusionCache

FusionCache is an easy to use, fast and robust hybrid cache with advanced resiliency features.
MIT License

[BUG] CVE-2024-43483 Security Vulnerability #320

Closed konradgadecki closed 3 weeks ago

konradgadecki commented 1 month ago

Describe the bug

We found a security vulnerability in Microsoft.Extensions.Caching.Memory version 8.0.0, which the latest version of FusionCache uses: CVE-2024-43483. The severity is high.

Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483

Version 8.0.1 of Microsoft.Extensions.Caching.Memory fixes it.

To Reproduce

Run any vulnerability scanner, such as Trivy, against the latest version of FusionCache, v1.4.0.

Expected behavior

Please update Microsoft.Extensions.Caching.Memory to 8.0.1 (or higher if available).

Versions

I've encountered this issue on:

Screenshots

This report comes from the Trivy vulnerability scanner:

image

Additional context

N/A

jodydonetti commented 4 weeks ago

Thanks! I think it's the same as this already existing PR. Will merge soon and release a minor version.

jodydonetti commented 3 weeks ago

Fixed with v1.4.1. Thanks!
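Added example (not part of the issue thread and not FusionCache code): a scanner-independent check that reads a NuGet `packages.lock.json` and reports where Microsoft.Extensions.Caching.Memory resolves to an 8.0.x version below 8.0.1, and which packages pull it in. The sample lock file is constructed, and only the 8.0.x line named in the issue is judged; other release lines have to be checked against the advisory.

```python
import json

PACKAGE = "Microsoft.Extensions.Caching.Memory"
FIXED = (8, 0, 1)  # fixed version named in the issue; only the 8.0.x line is judged

# Constructed sample packages.lock.json (content hashes omitted).
SAMPLE_LOCK = """
{
  "version": 1,
  "dependencies": {
    "net8.0": {
      "ZiggyCreatures.FusionCache": {
        "type": "Direct",
        "requested": "[1.4.0, )",
        "resolved": "1.4.0",
        "dependencies": {"Microsoft.Extensions.Caching.Memory": "8.0.0"}
      },
      "Microsoft.Extensions.Caching.Memory": {
        "type": "Transitive",
        "resolved": "8.0.0"
      }
    }
  }
}
"""


def parse_version(text):
    """'8.0.0' or '8.0.0-rc.1' -> (8, 0, 0); pre-release/build suffixes are dropped."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def find_vulnerable(lock_text):
    """Return one finding per target framework that resolves PACKAGE to 8.0.x below FIXED."""
    findings = []
    for framework, packages in json.loads(lock_text).get("dependencies", {}).items():
        # NuGet package IDs are case-insensitive, so compare lower-cased names.
        entries = {name.lower(): entry for name, entry in packages.items()}
        entry = entries.get(PACKAGE.lower())
        if entry is None:
            continue
        resolved = parse_version(entry["resolved"])
        if resolved[:2] != FIXED[:2] or resolved >= FIXED:
            continue
        parents = sorted(name for name, e in packages.items()
                         if PACKAGE.lower() in {d.lower() for d in e.get("dependencies", {})})
        findings.append({"framework": framework, "resolved": entry["resolved"],
                         "type": entry.get("type"), "pulled_in_by": parents})
    return findings
```

A `Transitive` finding means the version is set by the packages listed in `pulled_in_by`, so the fix is either an upgrade of that parent or a direct reference to the patched version in the consuming project.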