[AVRO-3874] Bump minimum Newtonsoft version because of severe vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: 1.11.4
Component/s: csharp
Labels:
- pull-request-available

Release Note:
AVRO-3986 resolves this.

Description

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial Of Service (DoS).

https://github.com/advisories/GHSA-5crp-9r3c-p9vr

Attachments

Issue Links

links to

GitHub Pull Request #2523

Activity

People

Assignee:: Unassigned

Reporter:: Zoltan Csizmadia

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Sep/23 19:43

Updated:: 22/Nov/23 14:03

Resolved:: 22/Nov/23 14:03

Time Tracking

Estimated:

24h

Remaining:

23.5h

Logged:

0.5h