Commit 47e651e

Fix security vulnerabilities in JWT packages
Added explicit package references to override vulnerable transitive dependencies:
- Microsoft.IdentityModel.JsonWebTokens: 8.2.1 (fixes GHSA-59j7-ghrg-fj52 / CVE-2024-21319)
- System.IdentityModel.Tokens.Jwt: 8.2.1 (fixes GHSA-59j7-ghrg-fj52 / CVE-2024-21319)

These packages override the vulnerable 7.0.3 versions that were coming from transitive dependencies.

The vulnerability (CVE-2024-21319) is a Denial of Service issue affecting JWT-based authentication tokens, allowing unauthenticated clients to consume excessive server memory.
1 parent 62412b1 commit 47e651e

3 files changed, +9 -0 lines changed

src/NosCore.ParserInputGenerator.Launcher/NosCore.ParserInputGenerator.Launcher.csproj

Lines changed: 5 additions & 0 deletions
@@ -10,6 +10,11 @@
1010
<OutputPath>..\..\build\</OutputPath>
1111
</PropertyGroup>
1212

13+
<ItemGroup>
14+
<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.2.1" />
15+
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.2.1" />
16+
</ItemGroup>
17+
1318
<ItemGroup>
1419
<ProjectReference Include="..\NosCore.ParserInputGenerator\NosCore.ParserInputGenerator.csproj" />
1520
</ItemGroup>
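Review bot: The new `<ItemGroup>` at lines 13-16 repeats the same two 8.2.1 pins that this commit also adds to the other two project files, so the override version now lives in three places and can drift on the next bump. This project already has a `ProjectReference` to NosCore.ParserInputGenerator, which receives the same pins, so check whether they flow through transitively and this group is needed at all. If it stays, consider declaring the two versions once, for example in a `Directory.Packages.props` with central package management and `CentralPackageTransitivePinningEnabled`, and add an XML comment in the group naming GHSA-59j7-ghrg-fj52 so the references are not later removed as unused.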

src/NosCore.ParserInputGenerator/NosCore.ParserInputGenerator.csproj

Lines changed: 2 additions & 0 deletions
@@ -41,10 +41,12 @@
4141
<ItemGroup>
4242
<PackageReference Include="Microsoft.Extensions.Hosting" Version="10.0.0" />
4343
<PackageReference Include="Microsoft.Extensions.Http" Version="10.0.0" />
44+
<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.2.1" />
4445
<PackageReference Include="NosCore.Shared" Version="5.0.0" />
4546
<PackageReference Include="Serilog" Version="4.3.0" />
4647
<PackageReference Include="Serilog.Extensions.Hosting" Version="9.0.0" />
4748
<PackageReference Include="SharpZipLib" Version="1.4.2" />
49+
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.2.1" />
4850
</ItemGroup>
4951

5052
<ItemGroup>
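Review bot: The two added references at lines 44 and 49 are sorted in among the project's direct dependencies with nothing marking them as security overrides, and per the commit message they lift a transitive 7.0.3 to 8.2.1, which is a major-version jump for whichever package pulled 7.0.3 in. Add an XML comment above them citing the advisory, record which dependency brings the packages in, and confirm that dependency works against 8.x. Running `dotnet list package --vulnerable --include-transitive` before and after the change shows whether the advisory is actually cleared.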

test/NosCore.ParserInputGenerator.Tests/NosCore.ParserInputGenerator.Tests.csproj

Lines changed: 2 additions & 0 deletions
@@ -7,9 +7,11 @@
77
</PropertyGroup>
88

99
<ItemGroup>
10+
<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.2.1" />
1011
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
1112
<PackageReference Include="MSTest.TestAdapter" Version="4.0.2" />
1213
<PackageReference Include="MSTest.TestFramework" Version="4.0.2" />
14+
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.2.1" />
1315
<PackageReference Include="coverlet.collector" Version="6.0.4">
1416
<PrivateAssets>all</PrivateAssets>
1517
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
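Review bot: Lines 10 and 14 pin the packages in the test project as well, but nothing in the change keeps a vulnerable transitive version from returning when another dependency is updated. Consider turning on NuGet auditing for transitive packages (`NuGetAuditMode` set to `all`) and treating NU1901 through NU1904 as errors in the build, so the pins can be raised or dropped deliberately rather than forgotten.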
