Critical and high security alerts

[apeter48]

Our InfoSec team as flagged vulnerabilities with the Newtonsoft.Json library. Any plans to address this? I see in the original Company Communicator they addressed alerts in April 2024. Assuming the Newtonsoft.Json library is one of them.

{
"EvidenceObjectType": "SECURITY_TOOL_FINDING",
"description": "The library Newtonsoft.Json version 12.0.3 was detected in Dotnet library manager located at /bin/function.deps.json and is vulnerable to CVE-2024-21907, which exists in versions \u003c 13.0.1.\n\nThe vulnerability was found in the Github Security Advisory with vendor severity: High (NVD severity: High).\n\nThis vulnerability has a known exploit available. Source: Github.\n\nThe vulnerability can be remediated by updating the library to version 13.0.1 or higher, using dotnet add package Newtonsoft.Json.",
"detailed_fixedVersion": "13.0.1",
"detailed_version": "12.0.3",
"detectedByFilePath": "/bin/function.deps.json",
"name": "CVE-2024-21907",
"severity": "VulnerabilitySeverityHigh"
}

[luishdemetrio]

Working on it. 👊