VS 2022 Reveals System.Runtime.CompilerServices.Unsafe Vulnerability

Today, while updating Windows on Patch Tuesday and releasing the latest version of Visual Studio 17.8 and .NET 8 LTS, I upgraded some legacy systems developed with ASP.NET WebForms, now utilizing C# 12. During this procedure, I encountered a significant problem thanks to a new feature of Visual Studio in the NuGet package update that draws particular attention and filters vulnerable packages. It led me to discover an out-of-date package, "System.Runtime.CompilerServices.Unsafe", version 7.0.0-preview.2.22152.2, which had escaped my attention until now.

Above, the vulnerability alert icon shows only the vulnerable option.

To close this security hole, I rolled back to version 6.0 of the package, which was released before the vulnerability was discovered. Consequently, the compilation process is no longer accompanied by the error notice "Consider app.config remapping of assembly 'System.Runtime.CompilerServices.Unsafe.

I want to thank the Microsoft team for implementing this helpful filter that assists us in identifying and addressing any security issues in our projects. In addition, I would like to provide a valuable piece of advice to everyone who is working with ASP.NET WebForms and intends to migrate to C# 12 to get the new language options: make sure to maintain vigilance over package updates, mainly when dealing with legacy systems, to guarantee the safety and reliability of your applications.
