Zoltan Csizmadia created AVRO-3874:
--------------------------------------

Summary: Bump minimum Newtonsoft version because of severe vulnerability
Key: AVRO-3874
URL: https://issues.apache.org/jira/browse/AVRO-3874
Project: Apache Avro
Issue Type: Improvement
Components: csharp
Reporter: Zoltan Csizmadia
Fix For: 1.11.4

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial Of Service (DoS).

https://github.com/advisories/GHSA-5crp-9r3c-p9vr

--
This message was sent by Atlassian Jira (v8.20.10#820010)
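
A dependency check for the version floor named in the issue above, as an added example that is not part of the ticket or of Apache Avro's code: it reads a project file and flags any Newtonsoft.Json `PackageReference` whose version spec still admits a release below 13.0.1. The sample project, the `$(NewtonsoftJsonVersion)` property and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "Newtonsoft.Json"
MIN_SAFE = (13, 0, 1)  # the issue states that versions prior to 13.0.1 are affected

# Constructed sample project file (not taken from any real repository).
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="10.0.3" />
    <PackageReference Include="newtonsoft.json" Version="[13.0.1, 14.0)" />
    <PackageReference Include="Newtonsoft.Json"><Version>$(NewtonsoftJsonVersion)</Version></PackageReference>
    <PackageReference Include="Example.Other" Version="1.0.0" />
  </ItemGroup>
</Project>"""

def lower_bound(spec):
    """Lowest version a NuGet version spec admits, or None if undecidable.
    Prerelease suffixes are ignored; an exclusive '(' bound is treated as inclusive."""
    spec = spec.strip()
    if "$(" in spec:                          # unresolved MSBuild property
        return None
    if spec.startswith(("[", "(")):           # interval notation, e.g. [12.0.3, 14.0)
        spec = spec[1:].split(",")[0].strip(" ])")
        if not spec:                          # "(,13.0.1]" has no lower bound at all
            return (0, 0, 0)
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", spec)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def audit(csproj_xml):
    """Return (spec, verdict) for each Newtonsoft.Json reference in one project file."""
    results = []
    for el in ET.fromstring(csproj_xml).iter():
        if el.tag.split("}")[-1] != "PackageReference":   # tolerate the legacy MSBuild namespace
            continue
        if (el.get("Include") or el.get("Update") or "").lower() != PACKAGE.lower():
            continue
        spec = el.get("Version")
        if spec is None:                      # Version may be a child element, or absent
            spec = next((c.text or "" for c in el if c.tag.split("}")[-1] == "Version"), "")
        low = lower_bound(spec)
        verdict = "review" if low is None else ("ok" if low >= MIN_SAFE else "vulnerable")
        results.append((spec, verdict))
    return results

if __name__ == "__main__":
    for spec, verdict in audit(SAMPLE):
        print(f"{PACKAGE} {spec!r}: {verdict}")
```

A "review" verdict means the version is set elsewhere (an MSBuild property or central package management) and has to be resolved before the reference can be judged.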