Vulnerability in an inner package

You are only bound to the vulnerable version if you let your dependency decide which version to take. If you add the nuget package yourself (so a fixed version of System.Net.Security, lets assume that’s 4.3.x) to your project will work with the new(er) package.

CLICK HERE to find out more related problems solutions.

Leave a Comment

Your email address will not be published.

Scroll to Top