From 3306a41dd517573e7d3d36fee4af7bc00f5af0a7 Mon Sep 17 00:00:00 2001
From: axunonb
Date: Tue, 28 Jun 2022 17:59:26 +0200
Subject: [PATCH] Fix: Newtonsoft.Json prior to version 13.0.1 is vulnerable Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial Of Service (DoS).
---
 appveyor.yml | 6 +++---
 src/SmartFormat/SmartFormat.csproj | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/appveyor.yml b/appveyor.yml
index 24a180d7..bf5dd9f5 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,4 +1,4 @@
-version: 2.7.2.{build}
+version: 2.7.3.{build}
 environment:
 DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
 image: Visual Studio 2019
@@ -8,7 +8,7 @@ build_script:
 - ps: dotnet add .\SmartFormat.Tests\SmartFormat.Tests.csproj package AltCover
 - ps: dotnet build SmartFormat.sln /verbosity:minimal /t:rebuild /p:configuration=release /nowarn:CS1591,CS0618
 - ps: |
- $version = "2.7.2"
+ $version = "2.7.3"
 $versionFile = $version + "." + ${env:APPVEYOR_BUILD_NUMBER}
 if ($env:APPVEYOR_PULL_REQUEST_NUMBER)
 {
@@ -29,4 +29,4 @@ deploy:
 api_key:
 secure: siTK+zMCX6XYTT2G7uhX9XjB6LNhDtZheum/MKIfrnsBITjZ+yEGAPNKVL/LCEPB
 on:
- branch: main
+ branch: version/2.7.3
diff --git a/src/SmartFormat/SmartFormat.csproj b/src/SmartFormat/SmartFormat.csproj
index 6d47e4cd..5d8c4690 100644
--- a/src/SmartFormat/SmartFormat.csproj
+++ b/src/SmartFormat/SmartFormat.csproj
@@ -3,8 +3,8 @@ A string composition library written in C# that can format data into a string with a minimal, intuitive syntax. It uses extensions to provide named placeholders, pluralization, gender conjugation, and time and list formatting. SmartFormat - 2.7.2 - 2.7.2 + 2.7.3 + 2.7.3 netstandard2.0;net461 TRACE;DEBUG true
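Review bot: The publish trigger in the `deploy` section of appveyor.yml (`on:` / `branch: version/2.7.3`, third hunk) is now tied to a maintenance branch, so a push to that branch is what starts the deploy step that uses the encrypted `api_key`. That branch should carry the same push and review restrictions as `main`; the diff cannot show whether it does. The release number is also repeated in three places in this file (`version:`, `$version` and the branch name), so a comment next to the `branch:` line such as `# release branch - keep in sync with $version above` would stop the next release from updating only two of them. The `deploy` block begins outside the hunk, so the provider and any other conditions are not visible here.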
@@ -53,9 +53,9 @@ https://github.com/axuno/SmartFormat/blob/master/CHANGES.mdall runtime; build; native; contentfiles; analyzers; buildtransitive - + - +