Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remote Code Execution Vulnerability #2231

Closed
albahari opened this issue Nov 20, 2023 · 2 comments
Closed

Remote Code Execution Vulnerability #2231

albahari opened this issue Nov 20, 2023 · 2 comments
Labels
2️⃣ Duplicate Issue/PR that is a duplicate and already exists.

Comments

@albahari
Copy link

The current Microsoft.Data.SqlClient packages (release 5.1.2 & preview 5.2.0-preview3.23201.1) have Remote Code Execution Vulnerability CVE-2023-36414 through a dependency on Azure.Identity 1.7.0/1.8.0.

This also affects downstream packages such as Microsoft.EntityFrameworkCore.SqlServer.

You can fix this by updating to Azure.Identity 1.10.2 or later.
@JRahnama JRahnama added the 2️⃣ Duplicate Issue/PR that is a duplicate and already exists. label Nov 20, 2023
@JRahnama
Copy link
Contributor

Closing as duplicate of many other closed issues. such as #2195. Fix is already merged in our main branch and will be available in our next preview and GA release.

@ErikEJ
Copy link
Contributor

ErikEJ commented Nov 20, 2023

And in 5.1.4 as I understand it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2️⃣ Duplicate Issue/PR that is a duplicate and already exists.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ErikEJ @albahari @JRahnama