Stamp your assemblies, packages and more with a unique version generated from a single, simple version.json file and include git commit IDs for non-official builds.
Hello,
Just wanted to let you know that due to .NET 8.0 and PowerShell 7.4 vulnerability CVE-2024-30105, Nerdbank.GitVersioning gets flagged by Nexus IQ.
Short explanation of the CVE:
The System.Text.Json package is vulnerable to Denial of Service (DoS) attacks. The ReadFromStreamAsync() method of the ReadBufferState class mishandles unsuccessful read operations when parsing certain tokens in slowly streamed data. In such cases, the method awaits the fulfillment of the stream's underlying buffer. A remote attacker can exploit this vulnerability with large JSON strings that, when consumed, may cause affected applications to consume all available resources.
Root cause reported by Nexus IQ:
Understandably, this vulnerability might not be applicable to Nerdbank.GitVersioning; however, due to it being flagged, it's causing some trouble.