criteo / openapi-comparator

Apache License 2.0

🔒️ Set JsonSerializerSettings' MaxDepth property to 128 & remove unused ComparisonMessage's utility methods and classes #2

Closed PaulMathon closed 2 years ago

PaulMathon commented 2 years ago

Newtonsoft.Json package version < 13.0.1 exposes our apps to DoS attacks; this could be avoided by either upgrading the package or limiting the JSON max depth to 128.
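
One way to apply the depth limit described above, as an added example that is not code from this PR or from the openapi-comparator project. The class and helper names (`DepthLimitDemo`, `NestedArrays`, `TryParse`) are hypothetical and the nested-array input is constructed.

```csharp
using System;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

public static class DepthLimitDemo
{
    // Serializer settings carrying the depth cap the PR describes.
    private static readonly JsonSerializerSettings Capped = new JsonSerializerSettings
    {
        MaxDepth = 128
    };

    // Constructed input: `depth` nested empty arrays, e.g. [[[ ... ]]].
    private static string NestedArrays(int depth) =>
        new string('[', depth) + new string(']', depth);

    // Returns true if the document parses under the cap,
    // false if the reader rejects it for exceeding MaxDepth.
    public static bool TryParse(string json)
    {
        try
        {
            JsonConvert.DeserializeObject<JToken>(json, Capped);
            return true;
        }
        catch (JsonReaderException ex)
        {
            // Reject the input; log the reason without echoing the payload.
            Console.WriteLine($"rejected: {ex.Message}");
            return false;
        }
    }

    public static void Main()
    {
        // Apply the same cap to JsonConvert calls that pass no settings.
        JsonConvert.DefaultSettings = () => Capped;

        Console.WriteLine(TryParse(NestedArrays(100)));     // within the cap
        Console.WriteLine(TryParse(NestedArrays(10_000)));  // far beyond the cap
    }
}
```

Parsing paths that build their own reader, such as `JToken.Parse`, do not read serializer settings, so on package versions below 13.0.1 the cap has to be set on the reader itself (`JsonTextReader.MaxDepth`) for those calls.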