
CG alert on Newtonsoft.Json 13.0.1 #1408

@MichaelSimons

Description

Details:

CVE-2024-21907

Description
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.

Location
/src/externalPackages/src/azure-activedirectory-identitymodel-extensions-for-dotnet/build/cgmanifest.json

Tracking issue for AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#3350.

Metadata

Assignees

No one assigned

    Labels

    area-packages: Related to the specific packages (external, reference, target and text-only)
    ops-monitor: Issues created/handled by the source build monitor role

    Type

    No type

    Projects

    Status

    Blocked

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests
