Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Microsoft.Data.SqlClient 5.2.0 depends on Azure.Identity 1.10.3 with CVE-2024-29992 vulnerability #2460

Closed
Banner-Keith opened this issue Apr 11, 2024 · 2 comments
Closed

Microsoft.Data.SqlClient 5.2.0 depends on Azure.Identity 1.10.3 with CVE-2024-29992 vulnerability #2460

Banner-Keith opened this issue Apr 11, 2024 · 2 comments
Projects
SqlClient v5.2.1 hotfix SqlClient v5.1.6 hotfix SqlClient v4.0.6 hotfix SqlClient v3.1.6 hotfix SqlClient Triage Board

Comments

@Banner-Keith
Copy link

This CVE just got published.

Please publish a new patch of Microsoft.Data.SqlClient that depends on Azure.Identity 1.11.0.
JRahnama added a commit to JRahnama/SqlClient that referenced this issue Apr 11, 2024
@JRahnama
Change | Updating Azure.Identity version to 1.11.0
6f981ef 
Addresses the issue mentioned at dotnet#2460
@JRahnama JRahnama mentioned this issue Apr 11, 2024
Merged
@JRahnama JRahnama added this to Needs triage in SqlClient Triage Board via automation Apr 11, 2024
@JRahnama
Copy link
Member

@Banner-Keith Thanks for bringing this up. PR #2462 is created to address this issue.

@JRahnama JRahnama removed this from Needs triage in SqlClient Triage Board Apr 17, 2024
@JRahnama JRahnama added this to Needs triage in SqlClient Triage Board via automation Apr 17, 2024
@JRahnama JRahnama moved this from Needs triage to Under Investigation in SqlClient Triage Board Apr 17, 2024
@DavoudEshtehari
Copy link
Member

Closing by PR #2462

SqlClient Triage Board automation moved this from Under Investigation to Closed May 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
SqlClient Triage Board
  
Closed
SqlClient v3.1.6 hotfix
To do
SqlClient v4.0.6 hotfix
To do
SqlClient v5.1.6 hotfix
To Do
SqlClient v5.2.1 hotfix
To do
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Banner-Keith @JRahnama @DavoudEshtehari