This package has a. .NET Denial of Service Vulnerability.
Microsoft is releasing this security advisory to provide information about a vulnerability in System.Text.Json 6.0.x and 8.0.x. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
In System.Text.Json 6.0.x and 8.0.x, applications which deserialize input to a model with an [ExtensionData] property can be vulnerable to an algorithmic complexity attack resulting in Denial of Service.
jerone
commented
1 week ago
This package has a. .NET Denial of Service Vulnerability.
https://osv.dev/vulnerability/GHSA-8g4q-xg66-9fp4 https://github.com/advisories/GHSA-8g4q-xg66-9fp4
System.Text.Jsonis a dependency ofSystem.Net.Http.Json, which is used in this package: https://github.com/maxkagamine/Moq.Contrib.HttpClient/blob/8d3dc669d868de754b65f9eda5605406817d6ecf/Moq.Contrib.HttpClient/Moq.Contrib.HttpClient.csproj#L21