Share via

System.Text.Json is vulnerable

ChuckieAJ 316 Reputation points
2024-07-16T15:44:31.5566667+00:00

According to NuGet Package Manager:

User's image

When will this vulnerability be addressed? I see there is now a System.Text.Json version 8.0.4 which does not have the vulnerability status.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,580 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Drew Jenkel 0 Reputation points
    2024-08-11T19:32:32.2133333+00:00

    I also have this issue. It appears the latest version that is NOT vulnerable is 6.0.9?

    Are we expected to downgrade our code to 6.0.9?

  2. Anupam Singh 0 Reputation points
    2024-08-20T05:34:16.6766667+00:00

    Here's how to solve this:
    The latest is not visible because it is tied to newer .net 8 SDK . ( .net sdk 8.0.401 release)
    Download the latest for your Vstudio from here
    https://dotnet.microsoft.com/en-us/download/visual-studio-sdks
    Then reload your project ( or close/ open VS)
    You'll see the latest non-vulnerable 8.0.4 (as of today)

    0 comments
  3. José Alvarez Pumarino 1 Reputation point
    2024-11-27T18:10:42.8733333+00:00

    You need to add the reference manually to your csproj file to solve the vulnerability. You need first to look at https://www.nuget.org/ to find the more recent versions of that library and try one that solves your issue, for example:

    <PackageReference Include="System.Text.Json" Version="8.0.5" />
    0 comments
  4. Timothy Quinn 1 Reputation point
    2025-02-02T23:14:54.61+00:00

    You may need to restart Visual Studio to correct this. I had 9.0.1 installed but I still got the warnings. A restart cleared the message.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.