altmann / FluentResults

A generalised Result object implementation for .NET/C#
MIT License
2.07k stars 115 forks

Is FluentResults.Extensions.AspNetCore vulnerable to Microsoft.aspnetcore.http.features DOS high security vulnerability reported (CVE-2022-21986) #219

Open jasonmcfarlanekoerber opened 3 months ago

jasonmcfarlanekoerber commented 3 months ago

I have added Fluent Results to my .NET 8 app. Last week Veracode reported that there is a high security DoS issue in microsoft.aspnetcore.http.features, which is a dependency of FluentResults.Extensions.AspNetCore. The version of microsoft.aspnetcore.http.features is 2.2.0.

Is it vulnerable to this DOS?

Kysluss commented 2 months ago

Leaving this here in case anyone else stumbles on it. I think the warning is correct, but the dependency on Microsoft.AspNetCore.Http.Features is a transitive dependency of this package and should be safe to upgrade on your own (either through NuGet or by adding a direct reference to it in your csproj file). Nothing that FluentResults.Extensions.AspNetCore does directly uses that package; it is only installed as a byproduct of needing references to the Mvc framework.
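
To check in your own build what the reply above describes, the following added example (not part of the thread or of the FluentResults project) walks a NuGet `obj/project.assets.json` and lists the chain of packages that pulls in the flagged one. The embedded graph is constructed: the `0.0.0` versions are placeholders and the chain is an assumption; only `2.2.0` comes from the thread.

```python
import json
from collections import deque

# Constructed, trimmed sample of obj/project.assets.json. "0.0.0" versions are
# placeholders and the chain is assumed; only 2.2.0 is taken from the thread.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {"net8.0": {
    "FluentResults.Extensions.AspNetCore/0.0.0":
      {"dependencies": {"Microsoft.AspNetCore.Mvc.Core": "0.0.0"}},
    "Microsoft.AspNetCore.Mvc.Core/0.0.0":
      {"dependencies": {"Microsoft.AspNetCore.Http.Features": "2.2.0"}},
    "Microsoft.AspNetCore.Http.Features/2.2.0": {}
  }},
  "project": {"frameworks": {"net8.0": {"dependencies": {
    "FluentResults.Extensions.AspNetCore": {"target": "Package", "version": "[0.0.0, )"}
  }}}}
}
""")

def dependency_paths(assets, framework, wanted):
    """Return every chain of package ids from a direct reference to `wanted`."""
    # Map lower-cased package id -> ("Id/Version" key, names it depends on).
    graph = {}
    for key, entry in assets["targets"][framework].items():
        graph[key.split("/", 1)[0].lower()] = (key, list(entry.get("dependencies", {})))
    direct = assets["project"]["frameworks"][framework]["dependencies"]
    paths, queue = [], deque([name] for name in direct)
    while queue:
        path = queue.popleft()
        key, deps = graph.get(path[-1].lower(), (path[-1], []))
        if path[-1].lower() == wanted.lower():  # NuGet ids are case-insensitive
            paths.append(path[:-1] + [key])     # last hop carries the resolved version
            continue
        for dep in deps:
            if dep.lower() not in (p.lower() for p in path):  # guard against cycles
                queue.append(path + [dep])
    return paths

def is_transitive_only(assets, framework, wanted):
    """True when `wanted` is resolved but the project has no direct reference to it."""
    direct = assets["project"]["frameworks"][framework]["dependencies"]
    found = dependency_paths(assets, framework, wanted)
    return bool(found) and wanted.lower() not in (d.lower() for d in direct)

if __name__ == "__main__":
    for chain in dependency_paths(SAMPLE_ASSETS, "net8.0", "Microsoft.AspNetCore.Http.Features"):
        print(" -> ".join(chain))
```

For a real project, load `obj/project.assets.json` with `json.load` after `dotnet restore` and pass it in place of `SAMPLE_ASSETS`.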

jasonmcfarlanekoerber commented 2 months ago

Will do. Thanks
