HAKOM PowerTSM® Documentation

TSM App

Status as of


The following known vulnerabilities were found:


CVE ID

Severity

Package

Details

Summary

Mitigation

CVE-2024-21907

High

Newtonsoft.Json

https://github.com/advisories/GHSA-5crp-9r3c-p9vr

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial Of Service (DoS).

The vulnerability occurs through a transitive package. Since we are using a higher version ourselves, the vulnerability should not occur in practice. An update to the original package is being worked on and will be available in the next major release.