Posted to dev@logging.apache.org by mi...@solem.cl.INVALID on 2022/10/27 13:00:25 UTC
log4net > Vulnerability > CVE-2021-24112
Hello,
In our CI pipeline, we detected vulnerability CVE-2021-24112, which affects
the System.Drawing.Common 5.0.0 package, which is a dependency of log4net
2.0.15.
> dotnet list package --vulnerable --include-transitive
> System.Drawing.Common 5.0.0 Critical
https://github.com/advisories/GHSA-rxg9-xrhp-64gj
Regards.
Re: log4net > Vulnerability > CVE-2021-24112
Posted by Davyd McColl <da...@gmail.com>.
Good day
Transient dependencies with vulnerabilities are not considered issues with log4net since they are easily updated in the consuming application. We do not release a new version of log4net every time an upstream package is updated either.
-d
On 2022-10-27 15:03:03, miguel.carvajal@solem.cl.invalid <mi...@solem.cl.invalid> wrote:
Hello,
In our CI pipeline, we detected vulnerability CVE-2021-24112, which affects the System.Drawing.Common 5.0.0 package, which is a dependency of log4net 2.0.15.
> dotnet list package --vulnerable --include-transitive
> System.Drawing.Common 5.0.0 Critical https://github.com/advisories/GHSA-rxg9-xrhp-64gj
Regards.
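
A CI triage step for the situation discussed in this thread, as an added example that is not part of either message or of log4net: it parses `dotnet list package --vulnerable --include-transitive` output and separates top-level findings from transitive ones, which the consuming project can override with its own direct package reference. The sample output is constructed around the finding line quoted above; the `Top-level Package` / `Transitive Package` header layout and the project name `App` are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: the finding row is the one quoted in the thread; the
# surrounding header lines assume the dotnet CLI's table layout.
SAMPLE = """\
Project `App` has the following vulnerable packages
   [net6.0]:
   Transitive Package           Resolved   Severity   Advisory URL
   > System.Drawing.Common      5.0.0      Critical   https://github.com/advisories/GHSA-rxg9-xrhp-64gj
"""

@dataclass(frozen=True)
class Finding:
    package: str
    resolved: str
    severity: str
    advisory: str
    transitive: bool

# "> <package> <version column(s)> <severity> <advisory url>"
ROW = re.compile(r"^\s*>\s+(\S+)\s+(\S.*?)\s+(Low|Moderate|High|Critical)\s+(\S+)\s*$")

def parse(output):
    findings, transitive = [], False
    for line in output.splitlines():
        head = line.strip()
        if head.startswith("Top-level Package"):
            transitive = False
        elif head.startswith("Transitive Package"):
            transitive = True
        m = ROW.match(line)
        if m:
            name, versions, severity, url = m.groups()
            # Top-level rows list "Requested Resolved"; the last token is the resolved version.
            findings.append(Finding(name, versions.split()[-1], severity, url, transitive))
    return findings

def triage(output, fail_on=("High", "Critical")):
    """Return (blocking, pin_in_consumer): findings that fail the build, and the
    transitive subset the consuming project can override with a direct reference."""
    blocking = [f for f in parse(output) if f.severity in fail_on]
    return blocking, [f for f in blocking if f.transitive]

if __name__ == "__main__":
    blocking, pins = triage(SAMPLE)
    for f in pins:
        print(f"{f.package} {f.resolved} ({f.severity}) is transitive: reference a fixed version directly. {f.advisory}")
    raise SystemExit(1 if blocking else 0)
```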