HAKOM PowerTSM® Documentation

TSM .NET API

Status as of


The following known vulnerabilities were found:


CVE ID

Severity

Package

Details

Summary

Mitigation

CVE-2024-21907

High

Newtonsoft.Json

https://github.com/advisories/GHSA-5crp-9r3c-p9vr

Newtonsoft.Json prior to version 13.0.1 is vulnerable to due to improper handling of expressions with high nesting level that lead to StackOverFlow exceptions or high CPU and RAM usage. Exploiting this vulnerability may result in denial of service (DoS).

The vulnerable package is not used by HAKOM products but transitively by another package. Since we are using a higher version ourselves for deserialization, HAKOM products are not affected. An update to the package depending on the vulnerable version of Newtonsoft.Json is being worked on and will be used by HAKOM as soon as possible.