Posted to dev@avro.apache.org by "Zoltan Csizmadia (Jira)" <ji...@apache.org> on 2023/09/25 19:44:00 UTC

[jira] [Created] (AVRO-3874) Bump minimum Newtonsoft version because of severe vulnerability

Zoltan Csizmadia created AVRO-3874:
--------------------------------------

             Summary: Bump minimum Newtonsoft version because of severe vulnerability
                 Key: AVRO-3874
                 URL: https://issues.apache.org/jira/browse/AVRO-3874
             Project: Apache Avro
          Issue Type: Improvement
          Components: csharp
            Reporter: Zoltan Csizmadia
             Fix For: 1.11.4


Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with a high nesting level, which leads to a StackOverflow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial of Service (DoS).

 

https://github.com/advisories/GHSA-5crp-9r3c-p9vr



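Added example, not part of the original message and not code from the Avro project: a check that flags project files whose Newtonsoft.Json reference still allows a version below 13.0.1, the fixed version named in the issue. The function names and the sample project file are constructed for illustration; versions given as MSBuild properties, floating versions or prereleases are reported as "unknown" for manual review.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "Newtonsoft.Json"
FIXED = (13, 0, 1)  # first fixed version according to the issue text

# Constructed sample project file, not taken from the Avro repository.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
    <PackageReference Include="newtonsoft.json"><Version>13.0.3</Version></PackageReference>
    <PackageReference Include="Newtonsoft.Json" Version="[12.0.1,)" />
    <PackageReference Include="Newtonsoft.Json" Version="$(JsonVersion)" />
    <PackageReference Include="System.CodeDom" Version="4.4.0" />
  </ItemGroup>
</Project>"""


def lower_bound(spec):
    """Return the lowest version a NuGet version spec allows as a 3-tuple, or None."""
    spec = spec.strip()
    if spec.startswith(("[", "(")):  # range notation, e.g. "[12.0.1,)"
        spec = spec[1:].split(",")[0].rstrip("])").strip()
    # Plain numeric versions only; properties, "13.*" and prereleases do not match.
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.\d+)?(?:\+.*)?", spec)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def audit(csproj_text):
    """Return (version spec, verdict) for every reference to PACKAGE in a project file."""
    findings = []
    for elem in ET.fromstring(csproj_text).iter():
        if elem.tag.split("}")[-1] != "PackageReference":
            continue
        if (elem.get("Include") or "").lower() != PACKAGE.lower():  # ids are case-insensitive
            continue
        spec = elem.get("Version")
        if spec is None:  # version given as a child element instead of an attribute
            child = next((c for c in elem if c.tag.split("}")[-1] == "Version"), None)
            spec = (child.text or "") if child is not None else ""
        low = lower_bound(spec)
        verdict = "unknown" if low is None else ("vulnerable" if low < FIXED else "ok")
        findings.append((spec, verdict))
    return findings


if __name__ == "__main__":
    for spec, verdict in audit(SAMPLE_CSPROJ):
        print(f"{PACKAGE} {spec!r}: {verdict}")
```

A bare version in a PackageReference is a minimum, so the lower bound is what a restore normally resolves to when nothing else in the dependency graph asks for a newer version.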