Vulnarabilites with square version 42.0.0

Hello, after updating square to the latest version 42.0.0 we have received high risk vulnerabilities alerts

image965×653 41.8 KB

• Denial of Service (DoS)
  • CWE-400
  • CVE-2024-30105
  • CVSS 8.7
  • SNYK-DOTNET-SYSTEMTEXTJSON-7433719
• Inefficient Algorithmic Complexity
  • CWE-407
  • CVE-2024-43485
  • CVSS 8.7
  • SNYK-DOTNET-SYSTEMTEXTJSON-8168848

What’s your timeline in fixing these issues?

I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:

If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.

That appears to have been addressed at least 4 months ago:

<PackageReference Include="System.Text.Json" Version="8.0.5" />

I’ve passed this along to the team.

Hello @Bryan-Square ,

Just wanted to check if there’s any update on this topic. I have upgraded to [email protected], but I am still seeing this vulnerability

Are you seeing the same vulnerabilities? This was addressed.

Yeah, I am seeing the same vulnerability.

image1155×835 62.9 KB

I saw that it was fixed in the repository, as jhardin_accumula commented, but for some reason it doesn’t appear so through snyk dashboard.

I updated the package to the latest version
Is there any additional action I have to take?