Request to upgrade System.Text.RegularExpressions referenced in the sdk from 4.3.0 to 4.3.1.
vnagalingam opened this issue · 1 comments
Issue Summary
Running an SCA scan (Veracode) on the twilio-csharp package reports the following vulnerability:
Denial Of Service (DoS)
.NET Core is vulnerable to denial of service (DoS). It is due to a lack of timeout enforcement for regular expressions.
7.0
High
Data Source: Public Disclosure
Vulnerability ID: CVE-2019-0820
Details
Affected Library: System.Text.RegularExpressions, NUGET, system.text.regularexpressions
Type: Transitive dependency
Affected Version In Use: 4.3.0
Released On: 15 Nov 2016 00:00AM GMT
Suggested Fix
This issue was fixed in version 4.3.1 of System.Text.RegularExpressions. That version is currently considered safe; we suggest that you upgrade to the fixed version.
Technical details:
- twilio-csharp version: 5.71.0
- csharp version: net5.0
This issue has been added to our internal backlog to be prioritized. Pull requests and +1s on the issue summary will help it move up the backlog.
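To confirm which direct reference pulls in a flagged transitive package like the one in this report, the following added example (not part of the issue and not twilio-csharp code) walks NuGet's restore output, `obj/project.assets.json`, and lists the dependency chains that end at a version older than the fixed one. The sample graph and the `Example.*` package names are constructed, and the code assumes the `targets` and `project.frameworks` sections use the same framework key.

```python
from collections import deque

# Constructed sample shaped like obj/project.assets.json (NuGet restore output).
# The Example.* packages are hypothetical; only the graph shape matters.
SAMPLE_ASSETS = {
    "targets": {"net5.0": {
        "Example.Sdk/1.0.0": {"dependencies": {"Example.Helper": "2.0.0"}},
        "Example.Helper/2.0.0": {"dependencies": {"System.Text.RegularExpressions": "4.3.0"}},
        "System.Text.RegularExpressions/4.3.0": {},
    }},
    "project": {"frameworks": {"net5.0": {"dependencies": {"Example.Sdk": {"version": "[1.0.0, )"}}}}},
}

def version_tuple(version):
    """Numeric part of a NuGet version; any prerelease suffix is ignored."""
    return tuple(int(part) for part in version.split("-")[0].split("."))

def find_paths(assets, package, fixed_version):
    """Return (framework, resolved_version, chain) for every chain from a direct
    reference to `package` when the resolved version is below `fixed_version`."""
    findings = []
    target = package.lower()  # NuGet package ids are case-insensitive
    for tfm, libs in assets["targets"].items():
        resolved = {}  # lowercase id -> (resolved version, declared dependencies)
        for key, info in libs.items():
            name, ver = key.split("/", 1)
            resolved[name.lower()] = (ver, info.get("dependencies", {}))
        if target not in resolved:
            continue
        if version_tuple(resolved[target][0]) >= version_tuple(fixed_version):
            continue  # already resolved to the fixed version or newer
        direct = assets["project"]["frameworks"].get(tfm, {}).get("dependencies", {})
        queue, seen = deque([name] for name in direct), set()
        while queue:  # breadth-first, so each reported chain is a shortest one
            chain = queue.popleft()
            node = chain[-1].lower()
            if node == target:
                findings.append((tfm, resolved[target][0], chain))
            elif node in resolved and node not in seen:
                seen.add(node)  # expand each package once; also guards cycles
                queue.extend(chain + [dep] for dep in resolved[node][1])
    return findings

if __name__ == "__main__":
    hits = find_paths(SAMPLE_ASSETS, "System.Text.RegularExpressions", "4.3.1")
    for tfm, ver, chain in hits:
        print(f"{tfm}: {' -> '.join(chain)} resolves to {ver}")
```

Until the SDK ships the upgrade, a direct `PackageReference` to System.Text.RegularExpressions 4.3.1 in the consuming project makes NuGet resolve the fixed version, after which the same check returns no findings.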