event-driven-dotnet / EventDriven.EventBus.Dapr

Event bus abstraction over Dapr pub/sub
MIT License

Upgrade Newtonsoft.Json library (Vulnerability Issue - Denial Of Service (DoS)) #32

Closed KlemenZarn2024 closed 1 year ago

KlemenZarn2024 commented 1 year ago

Describe the bug
In our application we found a vulnerability issue (Denial of Service (DoS)) regarding the Newtonsoft.Json library, which this library uses. The issue was found with Veracode scans.

Dependency graph: eventdriven.eventbus.dapr 1.3.6 -> eventdriven.schemavalidator.json 1.1.0 -> newtonsoft.json.schema 3.0.14 -> newtonsoft.json 12.0.3

Please upgrade the affected libraries so that they use at least newtonsoft.json 13.0.1, in which the Denial of Service (DoS) vulnerability is fixed.

Additional context
Newtonsoft.Json is vulnerable to denial of service. The use of insecure defaults causes a StackOverflow exception (SOE) whenever nested expressions are processed, when an attacker sends 5 requests that cause an SOE within a time frame of 5 minutes.
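As an added example, not code from the issue or from the EventDriven.EventBus.Dapr project: the failure mode described in the issue is a parser that recurses on nested JSON with no depth bound, and a StackOverflowException cannot be caught in .NET, so the process dies. The defender-side fix after upgrading is to keep an explicit depth limit on every reader that handles untrusted input. Newtonsoft.Json's JsonSerializerSettings.MaxDepth (which 13.0.1 defaults to 64) rejects over-deep input with a catchable JsonReaderException instead. The class name, the chosen limit and the constructed sample payloads below are assumptions of this example, not values from the page.

```csharp
// Added example (not part of the issue or the EventDriven.EventBus.Dapr project):
// bounding JSON nesting depth with Newtonsoft.Json's MaxDepth setting so that a
// deeply nested payload is rejected with an exception rather than a stack overflow.
using System;
using System.Text;
using Newtonsoft.Json;

public static class NestedJsonGuard
{
    // Constructed sample input: an array nested `depth` levels deep, the shape of
    // payload that makes an unbounded recursive parser exhaust the stack.
    public static string BuildNestedArray(int depth)
    {
        var sb = new StringBuilder(depth * 2);
        sb.Append('[', depth);
        sb.Append(']', depth);
        return sb.ToString();
    }

    // Parses untrusted JSON with an explicit depth limit. Newtonsoft.Json 13.0.1
    // already defaults MaxDepth to 64; setting it explicitly keeps the limit in
    // place no matter which version the dependency graph resolves to.
    public static bool TryParseBounded(string json, int maxDepth, out string error)
    {
        var settings = new JsonSerializerSettings { MaxDepth = maxDepth };
        try
        {
            JsonConvert.DeserializeObject<object>(json, settings);
            error = null;
            return true;
        }
        catch (JsonReaderException ex)
        {
            // Thrown once nesting exceeds MaxDepth; this is catchable, unlike the
            // StackOverflowException an unbounded parse would produce.
            error = ex.Message;
            return false;
        }
    }

    public static void Main()
    {
        const int limit = 64; // hypothetical limit chosen for this example
        foreach (var depth in new[] { 10, 10_000 })
        {
            var ok = TryParseBounded(BuildNestedArray(depth), limit, out var error);
            Console.WriteLine($"depth {depth,6}: {(ok ? "accepted" : "rejected: " + error)}");
        }
    }
}
```

The same guard applies to any JsonTextReader or JsonSerializer instance created directly: set MaxDepth there too, since a settings object passed to one call does not protect readers constructed elsewhere in the pipeline.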