Vulnerability in System.Linq.Dynamic.Core - CVE-2023-32571

[boeschti]

Hi,

The package System.Linq.Dynamic.Core used in the latest version has a vulnerability and needs to be updated to at least 1.3.0

[boeschti]

Once you bump the System.Linq.Dynamic.Core to 1.3, there are failing unit tests though. They could be fixed as follows, unless you want to fix the underlying issue.

[abbasc52]

I am working on a PR to fix this. will update soon

[solutions-simplified]

@abbasc52

I recently upgrade from 4.0.0 to 5.0.1. I am getting errors across the board and it looks like it's related to this. In my Utils class I have static methods that take in strongly typed objects (see below). I keep getting a Common Language Runtime error when these rules execute. It appears to be because it can't actually execute my method in the Utils class. Suggestions?

My expression: customers.Where(CreatedDate >= CreatedFilter).Where(Utils.IsExistingEmail(Emails, Customer)).Count() < threshold

public static class Utils
{
    public static bool IsExistingEmail(ICollection<Email> emails, Customer customer)
    {
        if (emails is null || customer is null)
            return false;
			
			
	return emails.Any(x => x.Address.Contains(customer.Email));
    }
}	

[solutions-simplified]

I reviewed the Wiki but the examples shown with Utils is simple string parameters, but do not see any examples with extension methods utilizing strongly typed objects