CVE-2024-0056 (High) detected in microsoft.data.sqlclient.5.1.2.nupkg
mend-bolt-for-github opened this issue · 0 comments
CVE-2024-0056 - High Severity Vulnerability
Vulnerable Library - microsoft.data.sqlclient.5.1.2.nupkg
Provides the data provider for SQL Server.
Library home page: https://api.nuget.org/packages/microsoft.data.sqlclient.5.1.2.nupkg
Path to dependency file: /ReactiveETL.Tests/ReactiveETL.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/5.1.2/microsoft.data.sqlclient.5.1.2.nupkg
Dependency Hierarchy:
- ❌ microsoft.data.sqlclient.5.1.2.nupkg (Vulnerable Library)
Found in HEAD commit: 875f50bee4e18f3fd2d577375af89f3205243c0f
Found in base branch: master
Vulnerability Details
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Publish Date: 2024-01-09
URL: CVE-2024-0056
CVSS 3 Score Details (8.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-98g6-xh36-x2p7
Release Date: 2024-01-09
Fix Resolution: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6
Step up your Open Source Security Game with Mend here