khellang/Scrutor

System.text.json vulnerability on v5.0.1

Closed this issue · 1 comments

Right now v5.0.1 uses Microsoft.Extensions.DependencyModel v8.0.1.
This package has a dependency to system.text.json v8.0.4 which is marked as vulnerable CVE-2024-43485

Solution would be to upgrade Microsoft.Extensions.DependencyModel to v8.0.2

Seems like this was fixed in 5.0.2 by #236