CVE-2020-1469: Unrestricted Upload of File with Dangerous Type
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka ‘Bond Denial of Service Vulnerability’.
References
- github.com/advisories/GHSA-rqrc-8q8f-cp9c
- github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343
- github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea
- msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469
- nvd.nist.gov/vuln/detail/CVE-2020-1469
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469
- www.nuget.org/packages/Bond.Core.CSharp/9.0.1
Detect and mitigate CVE-2020-1469 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →