File tree Expand file tree Collapse file tree 1 file changed +23
-2
lines changed
Expand file tree Collapse file tree 1 file changed +23
-2
lines changed Original file line number Diff line number Diff line change 1010 <PackageReference Include =" Microsoft.AspNetCore.OpenApi" Version =" 9.0.9"
1111 <PackageReference Include =" Serilog.AspNetCore" Version =" 10.0.0"
1212 <PackageReference Include =" Swashbuckle.AspNetCore" Version =" 7.2.0"
13- <!-- VULNERABLE DEPENDENCY FOR TESTING PURPOSES ONLY -->
14- <!-- This package has known security vulnerabilities - DO NOT USE IN PRODUCTION -->
13+
14+ <!-- ============================================ -->
15+ <!-- VULNERABLE DEPENDENCIES FOR GHAS TESTING ONLY -->
16+ <!-- These packages have known CVEs - DO NOT USE IN PRODUCTION -->
17+ <!-- Remove after GHAS/Dependabot testing is complete -->
18+ <!-- ============================================ -->
19+
20+ <!-- CVE-2024-21907: Denial of Service vulnerability -->
1521 <PackageReference Include =" Newtonsoft.Json" Version =" 9.0.1"
22+
23+ <!-- CVE-2018-8292: Information Disclosure vulnerability -->
24+ <PackageReference Include =" System.Net.Http" Version =" 4.3.0"
25+
26+ <!-- CVE-2019-0820: Denial of Service vulnerability -->
27+ <PackageReference Include =" System.Text.RegularExpressions" Version =" 4.3.0"
28+
29+ <!-- CVE-2019-0980, CVE-2019-0981: Remote Code Execution vulnerabilities -->
30+ <PackageReference Include =" System.Private.Uri" Version =" 4.3.0"
31+
32+ <!-- Multiple CVEs: Security vulnerabilities in older version -->
33+ <PackageReference Include =" Microsoft.Data.OData" Version =" 5.6.0"
34+
35+ <!-- CVE-2021-26701: Remote Code Execution vulnerability -->
36+ <PackageReference Include =" System.Net.Http.WinHttpHandler" Version =" 4.3.0"
1637 </ItemGroup >
1738
1839 <ItemGroup >
You can’t perform that action at this time.
0 commit comments