Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability: System.Text.RegularExpressions CVE-2019-0820 #2401

Closed
TimothyMothra opened this issue Sep 1, 2021 · 2 comments · Fixed by #2447
Closed

Vulnerability: System.Text.RegularExpressions CVE-2019-0820 #2401

TimothyMothra opened this issue Sep 1, 2021 · 2 comments · Fixed by #2447
Labels
sdl
Milestone
2.19

Comments

@TimothyMothra
Copy link
Member

Customer reported a vulnerability.
I have not yet confirmed where in our SDK this comes from.
Need more time to investigate.

May I suggest to also update the dependency System.Text.RegularExpressions from 4.3.0 to 4.3.1 because 4.3.0 has this known vulnerability:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0820

Originally posted by @vDiBo in #2392 (comment)
@TimothyMothra
Copy link
Member Author

@vDiBo can you share what SDKs you're taking a dependency on? this will help me find where this comes from.

@vDiBo
Copy link

vDiBo commented Sep 1, 2021 via email
edited
Loading

@TimothyMothra TimothyMothra added this to the 2.19 milestone Sep 2, 2021
@TimothyMothra TimothyMothra mentioned this issue Oct 20, 2021
Merged
4 tasks
@TimothyMothra TimothyMothra linked a pull request Oct 20, 2021 that will close this issue
remove dependency system.runtime.serialization.json (CVE-2019-0820) #2447
Merged
4 tasks
@TimothyMothra TimothyMothra mentioned this issue Dec 1, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
sdl
Projects
None yet
Milestone
2.19
2 participants
@TimothyMothra @vDiBo