tonerdo / dotnet-env

A .NET library to load environment variables from .env files
MIT License

Vulnerability issue v2.3.0 #68

Closed artkamote closed 10 months ago

artkamote commented 2 years ago

Hi guys.

I got a vulnerability issue, CVE-2019-0820, on v2.3.0.


rogusdev commented 2 years ago

Sprache is unlikely to get updated soon for this, but we can watch for it: https://www.nuget.org/packages/Sprache

In the meantime, the only risk here is if you put malicious text into your own .env files, since no user input gets sent to Sprache, just these files.