Security Advisory Id GHSA-9cvc-h2w8-phrp
This advisory discloses a security vulnerability Patches for components to update their dependencies to avoid references that have the GHSA-9cvc-h2w8-phrp security advisory: AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value.
Patch releases
| Component | Version | Where to get it |
|---|---|---|
| NServiceBus.AmazonSQS | 8.0.1 | NuGet |
| NServiceBus.AmazonSQS.CommandLine | 8.0.1 | NuGet or dotnet tool update --g NServiceBus. |
| NServiceBus.Persistence.DynamoDB | 3.0.1 | NuGet |
| NServiceBus.Persistence.DynamoDB.TransactionalSession | 3.0.1 | NuGet |
| NServiceBus.AwsLambda.Sqs | 3.0.1 | NuGet |
How to know if you are affected
You are affected if you are using previous versions of any of these components, but this doesn't necessarily mean you are vulnerable.
Symptoms
For NuGet packages your projects have the setting NuGetAuditMode set to all and see transitive dependency warnings at build time that mention Particular packages.
Other components of the platform will not have any symptoms.
When to upgrade
You should upgrade immediately if you are affected. Otherwise, you should upgrade during your next maintenance window.