[Bug]: CVE affecting legacy .NET versions, fix in main branch is unreleasedΒ #1782
Description
Describe the bug π
A CVE happened affecting .NET versions prior to .NET 8.0.6. GitHub's advisory
Force-upgrade to System.Text.Json 8.0.4 for legacy frameworks should be released as Refit 7.1.3.
Step to reproduce
- Include Refit in a new .NET project
- Security scan project
- See "HIGH" denial-of-service vulnerability
Reproduction repository
https://github.com/reactiveui/refit
Expected behavior
Recent releases should be free of HIGH vulns.
Screenshots πΌοΈ
No response
IDE
No response
Operating system
No response
Version
No response
Device
No response
Refit Version
7.1.2
Additional information βΉοΈ
Refit main branch force-upgrades to System.Text.Json 8.0.4 for netstandard2.0 or net462, and this should be released ASAP as Refit 7.1.3.