Closed JerryNixon closed 6 days ago
https://scout.docker.com/vulnerabilities/id/CVE-2024-35255?s=github&n=Microsoft.Identity.Client&t=nuget&vr=%3E%3D4.49.1%2C%3C4.60.4&utm_source=desktop&utm_medium=ExternalLink
mcr.microsoft.com/azure-databases/data-api-builder:latest
Azure SQL
Local (including CLI)
REST, GraphQL
CVE-2024-35255 CWE-362 5.5 M Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability. CVSS Score: 5.5 EPSS Score: 0.00043 (0.103) CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected range: >=4.49.1,<4.60.4 Fix version: 4.61.3 Publish date: 2024-06-11
New Docker image published. Consume via:
docker pull mcr.microsoft.com/azure-databases/data-api-builder:1.2.11
https://mcr.microsoft.com/en-us/product/azure-databases/data-api-builder/tags
What happened?
https://scout.docker.com/vulnerabilities/id/CVE-2024-35255?s=github&n=Microsoft.Identity.Client&t=nuget&vr=%3E%3D4.49.1%2C%3C4.60.4&utm_source=desktop&utm_medium=ExternalLink
Version
mcr.microsoft.com/azure-databases/data-api-builder:latest
What database are you using?
Azure SQL
What hosting model are you using?
Local (including CLI)
Which API approach are you accessing DAB through?
REST, GraphQL
Relevant log output
Code of Conduct