Akka.Hosting is vulnerable to CVE-2024-43485

**Version Information**

Version of Akka.Hosting? 1.5.31.1 and below

**Describe the bug**

`Akka.Hosting` is vulerable to [CVE-2024-43485](https://github.com/advisories/GHSA-8g4q-xg66-9fp4) because it has a minimum dependency to `Microsoft.Extensions.Hosting` v6.0.0, causing it to have transitive dependency to `System.Text.Json` v6.0.0.

**Workaround**

* If you're targetting .NET 6.0, add an explicit dependency to `System.Text.Json` v6.0.10
* If you're targetting .NET 8.0, add an explicit dependency to `System.Text.Json` v8.0.5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Akka.Hosting is vulnerable to CVE-2024-43485 #528

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Akka.Hosting is vulnerable to CVE-2024-43485 #528

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions