From 0446adc47cb34c2a85ee1c800f1f910865b463ae Mon Sep 17 00:00:00 2001
From: Claudia Murialdo <cmurialdo@genexus.com>
Date: Thu, 23 Jun 2022 15:36:01 -0300
Subject: [PATCH] Bump System.Net.Http from 4.3.1 to 4.3.4, as suggested by
 Github Security advisor Newtonsoft.Json prior to version 13.0.1 is vulnerable
 to Insecure Defaults due to improper handling of StackOverFlow exception
 (SOE) whenever nested expressions are being processed. Exploiting this
 vulnerability results in Denial Of Service (DoS), and it is exploitable when
 an attacker sends 5 requests that cause SOE in time frame of 5 minutes. This
 vulnerability affects Internet Information Services (IIS) Applications.

---
 .../dotnetframework/Projects/StoreManager/StoreManager.csproj   | 2 +-
 .../dotnetcore/GeneXusJWTNetCore/GeneXusJWTNetCore.csproj       | 2 +-
 .../dotnet/dotnetframework/GeneXusJWT/GeneXusJWT.csproj         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dotnet/src/dotnetframework/Projects/StoreManager/StoreManager.csproj b/dotnet/src/dotnetframework/Projects/StoreManager/StoreManager.csproj
index 7a72a5e7a..2c79398c4 100644
--- a/dotnet/src/dotnetframework/Projects/StoreManager/StoreManager.csproj
+++ b/dotnet/src/dotnetframework/Projects/StoreManager/StoreManager.csproj
@@ -14,7 +14,7 @@
 		<PackageReference Include="Google.Apis.Auth" Version="1.42.0" />
 		<PackageReference Include="Google.Apis.Core" Version="1.42.0" />
 		<PackageReference Include="log4net" Version="2.0.11" />
-		<PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
+		<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
 		<PackageReference Include="Zlib.Portable.Signed" Version="1.11.0" />
 	</ItemGroup>
 	<ItemGroup>
diff --git a/dotnet/src/extensions/SecurityAPI/dotnet/dotnetcore/GeneXusJWTNetCore/GeneXusJWTNetCore.csproj b/dotnet/src/extensions/SecurityAPI/dotnet/dotnetcore/GeneXusJWTNetCore/GeneXusJWTNetCore.csproj
index 8a851d152..b67ffa2a0 100644
--- a/dotnet/src/extensions/SecurityAPI/dotnet/dotnetcore/GeneXusJWTNetCore/GeneXusJWTNetCore.csproj
+++ b/dotnet/src/extensions/SecurityAPI/dotnet/dotnetcore/GeneXusJWTNetCore/GeneXusJWTNetCore.csproj
@@ -35,7 +35,7 @@
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.5.0" />
     <PackageReference Include="Microsoft.IdentityModel.Logging" Version="6.5.0" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.5.0" />
-    <PackageReference Include="Newtonsoft.Json" Version="10.0.1" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="Portable.BouncyCastle" Version="1.9.0" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.5.0" />
   </ItemGroup>
diff --git a/dotnet/src/extensions/SecurityAPI/dotnet/dotnetframework/GeneXusJWT/GeneXusJWT.csproj b/dotnet/src/extensions/SecurityAPI/dotnet/dotnetframework/GeneXusJWT/GeneXusJWT.csproj
index f85a43d8e..02dd37267 100644
--- a/dotnet/src/extensions/SecurityAPI/dotnet/dotnetframework/GeneXusJWT/GeneXusJWT.csproj
+++ b/dotnet/src/extensions/SecurityAPI/dotnet/dotnetframework/GeneXusJWT/GeneXusJWT.csproj
@@ -19,7 +19,7 @@
     <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="6.5.1" />
     <PackageReference Include="Microsoft.IdentityModel.Logging" Version="6.5.1" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.5.1" />
-    <PackageReference Include="Newtonsoft.Json" Version="10.0.1" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="Portable.BouncyCastle" Version="1.9.0" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.5.1" />
   </ItemGroup>