I am scanning the OSS Index for all packages used by our .NET project, using a tool that also includes transitive packages (hence the indirect dependencies). With the tool, the following vulnerability shows up:
[3/373] Microsoft.Data.OData 5.8.2 [VULNERABLE] 1 known vulnerabilities, 1 affecting installed package version(s): [5.8.2]
--[1/1] [CVE-2018-8269] Data Handling
--Description:
--A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.
5.8.2
--Id: 7688cf24-9da8-4906-b18c-0fa0ea4bfca8
--Reference: [cannot submit question with a link so have removed it]
--Provided by: OSS Index
If I am not mistaken, this comes from the package Microsoft.HPC.SDK (5.3.6437), which seems to have an indirect dependency on it. Any chance that this can be fixed? The subsequent package on NuGet is not compatible with 2016 Update 3, so I cannot use it.