
[Vulnerability] Newtonsoft.Json dependency on Microsoft.Azure.CognitiveServices.Vision.ComputerVision #49877

Open
@igoravila-net

Description

The latest Microsoft.Azure.CognitiveServices.Vision.ComputerVision version is 7.0.1, which has a Newtonsoft.Json dependency that uses v10.0.3, which is vulnerable.
I'm running a SAST scan that recommends updating Newtonsoft.Json to v13.0.1, but the dev team can't make this update.
How can I mitigate this vulnerability?

Metadata

Assignees

No one assigned

Labels

Client: This issue points to a problem in the data-plane of the library.
Cognitive - Computer Vision
Service Attention: Workflow: This issue is responsible by Azure service team.
customer-reported: Issues that are reported by GitHub users external to the Azure organization.
needs-team-attention: Workflow: This issue needs attention from Azure service team or SDK team
question: The issue doesn't require a change to the product in order to be resolved. Most issues start as that
