A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka ‘Bond Denial of Service Vulnerability’. Handling of large container lengths that could cause an infinite loop when deserializing some payloads.
github.com/microsoft/bond
github.com/microsoft/bond/commit/3afea822c42dd0095fedb9e7db9ebb99165e7343
github.com/microsoft/bond/commit/b0fd4a15a7cae946dd2855122559ca59cc34dbea
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1469
nvd.nist.gov/vuln/detail/CVE-2020-1469
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1469
www.nuget.org/packages/Bond.Core.CSharp/9.0.1