@bwappsec

Snyk has created this PR to fix 16 vulnerabilities in the nuget dependencies of this project.

Snyk changed the following file(s):

  • samples/server/petstore/fsharp-functions/OpenAPI/OpenAPI.fsproj

Merge Risk: High

The upgrade of Newtonsoft.Json from version 12.x to 13.x is a major version change and introduces breaking changes.

  • Deserialization Behavior: A key breaking change affects deserialization logic. Classes using the [JsonExtensionData] attribute without a default constructor may now throw a JsonSerializationException. [3]
  • Binding Redirects: Ensure that application configuration files (e.g., app.config, web.config) have their binding redirects for Newtonsoft.Json updated to version 13.0.0.0. [10]

The Microsoft.NETCore.App upgrade is a low-risk security patch for an end-of-life framework. [6, 8]

Source: Newtonsoft.Json GitHub Issue

Recommendation: Thoroughly test deserialization logic, especially for classes that use [JsonExtensionData] or custom constructors. Verify and update assembly binding redirects before merging.

Notice 🤖: This content was generated using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.


Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score |
|---|---|---|---|
| critical | Remote Code Execution (RCE) | SNYK-DOTNET-MICROSOFTNETCOREAPP-584431 | 921 |
| high | Insecure Defaults | SNYK-DOTNET-NEWTONSOFTJSON-2774678 | 273 |
| high | Remote Code Execution (RCE) | SNYK-DOTNET-MICROSOFTNETCOREAPP-541850 | 254 |
| high | Security Bypass | SNYK-DOTNET-MICROSOFTNETCOREAPP-610168 | 252 |
| high | Privilege Escalation | SNYK-DOTNET-MICROSOFTNETCOREAPP-174572 | 241 |
| high | Authentication Bypass by Spoofing | SNYK-DOTNET-MICROSOFTNETCOREAPP-173754 | 207 |
| high | Denial of Service (DoS) | SNYK-DOTNET-MICROSOFTNETCOREAPP-541849 | 199 |
| medium | Denial of Service (DoS) | SNYK-DOTNET-MICROSOFTNETCOREAPP-72895 | 178 |
| high | Denial of Service (DoS) | SNYK-DOTNET-MICROSOFTNETCOREAPP-598231 | 171 |
| high | Denial of Service (DoS) | SNYK-DOTNET-MICROSOFTNETCOREAPP-174710 | 161 |
| high | Denial of Service (DoS) | SNYK-DOTNET-MICROSOFTNETCOREAPP-569073 | 159 |
| high | Denial of Service (DoS) | SNYK-DOTNET-MICROSOFTNETCOREAPP-1540881 | 156 |
| medium | Denial of Service (DoS) | SNYK-DOTNET-MICROSOFTNETCOREAPP-3092931 | 130 |
| medium | Cross-site Request Forgery (CSRF) | SNYK-DOTNET-MICROSOFTNETCOREAPP-174571 | 121 |
| medium | Open Redirect | SNYK-DOTNET-MICROSOFTNETCOREAPP-451559 | 82 |
| medium | Information Exposure | SNYK-DOTNET-MICROSOFTNETCOREAPP-1540883 | 61 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


bwappsec changed the title from "[Snyk] Fix for 16 vulnerabilities" to "SWI-3723 [Snyk] Fix for 16 vulnerabilities" on Dec 11, 2025

bwappsec commented Dec 11, 2025

Snyk checks have passed. No issues have been found so far.

| Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|
| Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| Licenses | 0 | 0 | 0 | 0 | 0 issues |
| Code Security | 0 | 0 | 0 | 0 | 0 issues |
