I also have this issue. It appears the latest version that is NOT vulnerable is 6.0.9?
Are we expected to downgrade our code to 6.0.9?
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
According to NuGet Package Manager:
When will this vulnerability be addressed? I see there is now a System.Text.Json version 8.0.4 which does not have the vulnerability status.
I also have this issue. It appears the latest version that is NOT vulnerable is 6.0.9?
Are we expected to downgrade our code to 6.0.9?
Here's how to solve this:
The latest is not visible because it is tied to newer .net 8 SDK . ( .net sdk 8.0.401 release)
Download the latest for your Vstudio from here
https://dotnet.microsoft.com/en-us/download/visual-studio-sdks
Then reload your project ( or close/ open VS)
You'll see the latest non-vulnerable 8.0.4 (as of today)