Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] CVE-2024-43483 Security Vulnerability #320

Closed
konradgadecki opened this issue Oct 22, 2024 · 2 comments
Closed

[BUG] CVE-2024-43483 Security Vulnerability #320

konradgadecki opened this issue Oct 22, 2024 · 2 comments

Comments

@konradgadecki
Copy link

Describe the bug

We found security vulnerability of Microsoft.Extensions.Caching.Memory ver 8.0.0 that latest version of FusionCache uses:
CVE-2024-43483, severity is high.

Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43483

version 8.0.1 of Microsoft.Extensions.Caching.Memory fixes it.

To Reproduce

Run any vulnerability scanner like Trivy agains latest version of FusionCache v1.4.0

Expected behavior

Please update Microsoft.Extensions.Caching.Memory to 8.0.1 (or higher if available)

Versions

I've encountered this issue on:

  • FusionCache version 1.4.0
  • .NET version 8
  • OS version N/A

Screenshots

This report comes from Trivy vulnerability scanner:

image

Additional context

N/A

@jodydonetti
Copy link
Collaborator

Thanks! I think it's the same as this already existing PR.
Will merge soon and release a minor version.

@jodydonetti
Copy link
Collaborator

Fixed with v1.4.1.
Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants