Posted to dev@avro.apache.org by "Zoltan Csizmadia (Jira)" <ji...@apache.org> on 2023/09/25 19:44:00 UTC
[jira] [Created] (AVRO-3874) Bump minimum Newtonsoft version because of severe vulnerability
Zoltan Csizmadia created AVRO-3874:
--------------------------------------
Summary: Bump minimum Newtonsoft version because of severe vulnerability
Key: AVRO-3874
URL: https://issues.apache.org/jira/browse/AVRO-3874
Project: Apache Avro
Issue Type: Improvement
Components: csharp
Reporter: Zoltan Csizmadia
Fix For: 1.11.4
Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with a high nesting level, which leads to a StackOverflow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial of Service (DoS).
https://github.com/advisories/GHSA-5crp-9r3c-p9vr
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
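
A dependency check for the version floor this issue asks for, as an added example that is not part of the original message or of Avro's own code: it scans an MSBuild project file for Newtonsoft.Json references that can resolve below 13.0.1. The sample project file is constructed, `floor_version` and `audit` are hypothetical names, and pre-release suffixes are ignored.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (13, 0, 1)  # the issue text: versions prior to 13.0.1 are affected

def floor_version(spec):
    """Version tuple to compare against FIXED: the minimum a NuGet spec admits,
    or the highest a floating spec can reach. None if spec is not a literal."""
    spec = spec.strip()
    if spec.startswith(("[", "(")):          # range: "[12.0.3,)" -> minimum "12.0.3"
        spec = spec[1:].split(",")[0].strip()
        if not spec:                         # "(,12.0.3]" has no lower bound
            return (0, 0, 0)
    spec = spec.replace("*", "999999")       # floating "12.*" resolves to the highest 12.x
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", spec)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def audit(project_xml):
    """Return (status, version_spec) for every Newtonsoft.Json reference."""
    findings = []
    for el in ET.fromstring(project_xml).iter():
        tag = el.tag.split("}")[-1]          # legacy project files carry an XML namespace
        pkg = el.get("Include") or el.get("Update") or ""
        if tag not in ("PackageReference", "PackageVersion") or pkg.lower() != "newtonsoft.json":
            continue                         # NuGet package ids are case-insensitive
        spec = el.get("Version") or next(
            (c.text for c in el if c.tag.split("}")[-1] == "Version"), None)
        ver = floor_version(spec) if spec else None
        # "unknown" covers MSBuild properties and centrally managed versions
        status = "unknown" if ver is None else "vulnerable" if ver < FIXED else "ok"
        findings.append((status, spec))
    return findings

# Constructed sample project file, not taken from the Avro repository.
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
    <PackageReference Include="newtonsoft.json" Version="[13.0.1,)" />
    <PackageReference Include="Newtonsoft.Json" Version="12.*" />
    <PackageReference Include="Newtonsoft.Json" Version="$(NewtonsoftVersion)" />
    <PackageReference Include="System.CodeDom" Version="4.4.0" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for status, spec in audit(SAMPLE):
        print(f"{status:10} Newtonsoft.Json {spec}")
```

An "unknown" result means the version is set through a property or a central package file, so that file needs the same check.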