Request to upgrade System.Text.RegularExpressions referenced in the sdk from 4.3.0 to 4.3.1. #599
Labels
difficulty: easy
fix is easy in difficulty
status: help wanted
requesting help from the community
type: community enhancement
feature request not on Twilio's roadmap
Comments
|
This issue has been added to our internal backlog to be prioritized. Pull requests and +1s on the issue summary will help it move up the backlog. |
childish-sambino
added
difficulty: easy
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue Summary
Running a SCA scan ( veracode) on twilio-sharp package reports the following vulnerability
Denial Of Service (DoS)
.NET Core is vulnerable to denial of service (DoS). It is due to lack of timeouts enforcement for regular expressions.
7.0
High
Data Source: Public Disclosure
Vulnerability ID: CVE-2019-0820
Details
Affected Library: System.Text.RegularExpressions, NUGET, system.text.regularexpressions
Type: Transitive dependency
Affected Version In Use: 4.3.0
Released On: 15 Nov 2016 00:00AM GMT
Suggested Fix
This issue was fixed in version 4.3.1 of System.Text.RegularExpressions. That version is currently considered safe, we suggest that you upgrade to the fixed version.
Technical details:
The text was updated successfully, but these errors were encountered: