Skip to content

Version 2.9.1 is reported as vulnerable #938

@NinjaCross

Description

@NinjaCross

Describe the bug
JetBrains Rider signal the 2.9.1 version as vulnerable.
It doesn't provide details on the motivation.
This is also mentioned here:
jeremylong/DependencyCheck#6048
jeremylong/DependencyCheck#6088

Unfortunately some of the projects/customers I'm working on/with refuse to use libraries with known vulnerabilities.
Is there a mitigation ?

Many thanks in advance for any suggestion.

To Reproduce
Just add the NuGet package to any project in Rider, and the warning will appear

Expected behavior
No vulnerabilities signaled

Screenshots
image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions