Thanks to visit codestin.com
Credit goes to github.com

Skip to content

mitigate CVE-2021-24112#2707

Merged
TimothyMothra merged 4 commits into
mainfrom
tilee/CVE-2021-24112
Nov 7, 2022
Merged

mitigate CVE-2021-24112#2707
TimothyMothra merged 4 commits into
mainfrom
tilee/CVE-2021-24112

Conversation

@TimothyMothra

@TimothyMothra TimothyMothra commented Nov 4, 2022
edited
Loading

Copy link
Copy Markdown

Supersedes: #2704

Our SDK has an implicit reference to System.Drawing.Common:

ApplicationInsights-dotnet/WEB/Src/PerformanceCollector/PerformanceCollector/Perf.csproj

Lines 30 to 32 in 35b1a30

<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
<PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="1.0.0" />
<PackageReference Include="System.Diagnostics.PerformanceCounter" Version="4.7.0" />

We could mitigate this by taking a dependency on System.Drawing.Common v4.7.2.

Instead, we're going to upgrade System.Diagnostics.PerformanceCounter from v4.7.0 to v6.0.0 to get a version of System.Drawing.Common without a vulnerability.

@TimothyMothra TimothyMothra mentioned this pull request Nov 4, 2022
Closed
4 tasks
cijothomas
cijothomas reviewed Nov 4, 2022
View reviewed changes
Comment thread WEB/Src/PerformanceCollector/PerformanceCollector/Perf.csproj Outdated
@TimothyMothra TimothyMothra enabled auto-merge (squash) November 4, 2022 21:03
@TimothyMothra TimothyMothra merged commit 7191788 into main Nov 7, 2022
@TimothyMothra TimothyMothra deleted the tilee/CVE-2021-24112 branch November 7, 2022 21:34
@ryan-shelby-byte

ryan-shelby-byte commented Nov 23, 2022

Copy link
Copy Markdown

Is this going to be in a beta release?

@TimothyMothra

TimothyMothra commented Nov 23, 2022

Copy link
Copy Markdown
Author

Hi @ryan-shelby-byte
Yes, this will be in 2.22-Beta2, but we don't have a release date planned yet.

As a temporary mitigation, you can take an explicit dependency on a newer version of System.Drawing.Common.

@TimothyMothra TimothyMothra mentioned this pull request Jan 24, 2023
Closed
@dstj dstj mentioned this pull request Jun 27, 2023
Closed
@GillesVercammen GillesVercammen mentioned this pull request Dec 4, 2024
Closed
@dependabot dependabot Bot mentioned this pull request Jul 28, 2025
Closed
@dependabot dependabot Bot mentioned this pull request Aug 4, 2025
Open
@dependabot dependabot Bot mentioned this pull request Aug 14, 2025
Open
This was referenced Dec 5, 2025
Open
Merged
This was referenced Dec 12, 2025
Merged
Merged
This was referenced Dec 22, 2025
Merged
Closed
Closed
This was referenced Mar 23, 2026
Closed
Open
@dependabot dependabot Bot mentioned this pull request Apr 7, 2026
Open
@dependabot dependabot Bot mentioned this pull request Apr 11, 2026
Closed
@dependabot dependabot Bot mentioned this pull request Apr 20, 2026
Closed
@dependabot dependabot Bot mentioned this pull request Apr 27, 2026
Closed
This was referenced May 11, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Closed
This was referenced May 18, 2026
Closed
Closed
@dependabot dependabot Bot mentioned this pull request Jun 2, 2026
Closed
This was referenced Jun 15, 2026
Open
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cijothomas cijothomas cijothomas approved these changes

@vishweshbankwar vishweshbankwar Awaiting requested review from vishweshbankwar

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@TimothyMothra @ryan-shelby-byte @cijothomas