Skip to content

Bump Newtonsoft.Json from 10.0.3 to 13.0.1, as suggested by Github Secu… #616

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 15, 2022
Merged

Bump Newtonsoft.Json from 10.0.3 to 13.0.1, as suggested by Github Secu… #616

merged 2 commits into from
Jul 15, 2022

Conversation

@claudiamurialdo
Copy link
Collaborator

@claudiamurialdo claudiamurialdo commented Jun 23, 2022
edited
Loading

…rity advisor

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. Exploiting this vulnerability results in Denial Of Service (DoS), and it is exploitable when an attacker sends 5 requests that cause SOE in time frame of 5 minutes. This vulnerability affects Internet Information Services (IIS) Applications.
Issue:96987

@claudiamurialdo
Bump System.Net.Http from 4.3.1 to 4.3.4, as suggested by Github Secu…
0446adc 
…rity advisor

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. Exploiting this vulnerability results in Denial Of Service (DoS), and it is exploitable when an attacker sends 5 requests that cause SOE in time frame of 5 minutes. This vulnerability affects Internet Information Services (IIS) Applications.
@claudiamurialdo claudiamurialdo temporarily deployed to external-storage-tests June 23, 2022 18:36 Inactive
@genexusbot
Copy link
Collaborator

genexusbot commented Jun 23, 2022

Cherry pick to beta failed, 1 conflicted file in commit 0446adc
  • dotnet/src/extensions/SecurityAPI/dotnet/dotnetcore/GeneXusJWTNetCore/GeneXusJWTNetCore.csproj

@genexusbot genexusbot added the conflict Conflict merging to beta branch label Jun 23, 2022
This was referenced Jun 23, 2022
Closed
Closed
@genexusbot
Copy link
Collaborator

genexusbot commented Jun 23, 2022

Manual cherry pick to beta success

@genexusbot genexusbot removed the conflict Conflict merging to beta branch label Jun 23, 2022
@claudiamurialdo claudiamurialdo changed the title Bump System.Net.Http from 4.3.1 to 4.3.4, as suggested by Github Secu… Bump Newtonsoft.Json from 10.01 to 13.0.1, as suggested by Github Secu… Jun 24, 2022
@claudiamurialdo claudiamurialdo changed the title Bump Newtonsoft.Json from 10.01 to 13.0.1, as suggested by Github Secu… Bump Newtonsoft.Json from 10.0.3 to 13.0.1, as suggested by Github Secu… Jun 24, 2022
@claudiamurialdo claudiamurialdo mentioned this pull request Jun 24, 2022
Closed
@claudiamurialdo claudiamurialdo temporarily deployed to external-storage-tests July 14, 2022 19:47 Inactive
@claudiamurialdo claudiamurialdo merged commit e3e1922 into master Jul 15, 2022
@claudiamurialdo claudiamurialdo deleted the upgrade-newtonsoft branch July 15, 2022 01:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sgrampone sgrampone sgrampone approved these changes

Assignees

No one assigned

Labels

bot closed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@claudiamurialdo @genexusbot @sgrampone