You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our InfoSec team as flagged vulnerabilities with the Newtonsoft.Json library. Any plans to address this? I see in the original Company Communicator they addressed alerts in April 2024. Assuming the Newtonsoft.Json library is one of them.
{
"EvidenceObjectType": "SECURITY_TOOL_FINDING",
"description": "The library Newtonsoft.Json version 12.0.3 was detected in Dotnet library manager located at /bin/function.deps.json and is vulnerable to CVE-2024-21907, which exists in versions \u003c 13.0.1.\n\nThe vulnerability was found in the Github Security Advisory with vendor severity: High (NVD severity: High).\n\nThis vulnerability has a known exploit available. Source: Github.\n\nThe vulnerability can be remediated by updating the library to version 13.0.1 or higher, using dotnet add package Newtonsoft.Json.",
"detailed_fixedVersion": "13.0.1",
"detailed_version": "12.0.3",
"detectedByFilePath": "/bin/function.deps.json",
"name": "CVE-2024-21907",
"severity": "VulnerabilitySeverityHigh"
}
The text was updated successfully, but these errors were encountered:
Our InfoSec team as flagged vulnerabilities with the Newtonsoft.Json library. Any plans to address this? I see in the original Company Communicator they addressed alerts in April 2024. Assuming the Newtonsoft.Json library is one of them.
{
"EvidenceObjectType": "SECURITY_TOOL_FINDING",
"description": "The library
Newtonsoft.Json
version12.0.3
was detected inDotnet library manager
located at/bin/function.deps.json
and is vulnerable toCVE-2024-21907
, which exists in versions\u003c 13.0.1
.\n\nThe vulnerability was found in the Github Security Advisory with vendor severity:High
(NVD severity:High
).\n\nThis vulnerability has a known exploit available. Source: Github.\n\nThe vulnerability can be remediated by updating the library to version13.0.1
or higher, usingdotnet add package Newtonsoft.Json
.","detailed_fixedVersion": "13.0.1",
"detailed_version": "12.0.3",
"detectedByFilePath": "/bin/function.deps.json",
"name": "CVE-2024-21907",
"severity": "VulnerabilitySeverityHigh"
}
The text was updated successfully, but these errors were encountered: