Newtonsoft · Newtonsoft.Json · CVE-2024-21907
**Name of the Vulnerable Software and Affected Versions**
Newtonsoft.Json versions prior to 13.0.1
**Description**
The issue is an improper handling of exceptional conditions vulnerability in the Newtonsoft.Json library. Crafted data passed to `JsonConvert.DeserializeObject` can trigger a `StackOverflowException`, resulting in denial of service; because a `StackOverflowException` cannot be caught in .NET, the process terminates rather than returning an error. Depending on how the library is used, an unauthenticated remote attacker may be able to cause this condition. The trigger is highly nested JSON (for example thousands of nested arrays or objects): the serializer descends recursively into each nesting level, so a sufficiently deep document causes high CPU and memory usage or exhausts the stack.
**Recommendations**
To mitigate the issue, update Newtonsoft.Json to version 13.0.1 or later, which introduced a default `MaxDepth` of 64, or set the `MaxDepth` property of `JsonSerializerSettings` to a suitable value, such as 128, so that deeper documents are rejected with a catchable `JsonReaderException` instead of overflowing the stack. This can be done globally with the following statement (note that `JsonConvert.DefaultSettings` applies to the `JsonConvert` methods and `JsonSerializer.CreateDefault()`, but not to serializers built with `JsonSerializer.Create()` or `new JsonSerializer()`, nor to a `JsonTextReader` used directly; those need `MaxDepth` set explicitly):
`JsonConvert.DefaultSettings = () => new JsonSerializerSettings { MaxDepth = 128 };`
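The following is an added example, not code from the advisory or from the Newtonsoft.Json project. It builds a deeply nested payload (constructed inline), applies the `MaxDepth` limit in the three places a practitioner typically needs it (the global default, explicit per-call settings, and a raw `JsonTextReader`), and shows that a depth violation surfaces as a catchable `JsonReaderException`. It deliberately does not run the unbounded parse, because on a vulnerable version that would crash the process. The `MaxDepthDemo` class, `NestedArrays`, `TryParse` and the depth values are assumptions for illustration; the only external dependency is the Newtonsoft.Json NuGet package.

```csharp
// Added example (not from the advisory or the Newtonsoft.Json project).
// Requires the Newtonsoft.Json NuGet package.
using System;
using System.IO;
using Newtonsoft.Json;

static class MaxDepthDemo
{
    // Constructed payload: an array nested `depth` levels deep, e.g. "[[[...]]]".
    // This is the shape of input that exhausts the stack when no MaxDepth is set.
    static string NestedArrays(int depth) =>
        new string('[', depth) + new string(']', depth);

    // Hardened form 1: process-wide default, picked up by JsonConvert methods
    // and JsonSerializer.CreateDefault(). Overrides the 13.0.1+ default of 64.
    static void ConfigureGlobalDefault()
    {
        JsonConvert.DefaultSettings = () => new JsonSerializerSettings { MaxDepth = 128 };
    }

    // Hardened form 2: explicit settings passed per call, which also covers
    // code that ignores DefaultSettings (JsonSerializer.Create(), new JsonSerializer()).
    static readonly JsonSerializerSettings Bounded =
        new JsonSerializerSettings { MaxDepth = 128 };

    // Returns true if the document was accepted, false if it was rejected for depth.
    static bool TryParse(string json, JsonSerializerSettings settings)
    {
        try
        {
            JsonConvert.DeserializeObject(json, settings);
            return true;
        }
        catch (JsonReaderException ex)
        {
            // A MaxDepth violation is reported as a JsonReaderException, which is
            // catchable; a StackOverflowException is not and would kill the process.
            Console.WriteLine($"rejected: {ex.Message}");
            return false;
        }
    }

    static void Main()
    {
        ConfigureGlobalDefault();

        Console.WriteLine(TryParse(NestedArrays(100), Bounded));    // true: within the limit
        Console.WriteLine(TryParse(NestedArrays(10_000), Bounded)); // false: exceeds MaxDepth

        // Hardened form 3: the same limit on a streaming reader, for code paths
        // that read tokens directly instead of going through JsonConvert.
        using var reader = new JsonTextReader(new StringReader(NestedArrays(10_000)))
        {
            MaxDepth = 128
        };
        try
        {
            while (reader.Read()) { }
            Console.WriteLine("reader accepted the document");
        }
        catch (JsonReaderException ex)
        {
            Console.WriteLine($"reader rejected: {ex.Message}");
        }
    }
}
```

The check to run after deploying the mitigation is the 10,000-level case above: it must fail fast with a `JsonReaderException` naming the exceeded depth, not hang or terminate the process. Pick the limit from the deepest document your application legitimately accepts rather than from the default; 128 is generous for most APIs, and a lower value shrinks the attacker's budget further.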