search

KDWSS / Community.Activities

Repository of Windows Workflow Foundation Activities for UiPath Community
https://www.uipath.com/community
0 stars 0 forks source link

WS-2022-0377 (Medium) detected in system.data.sqlclient.4.8.2.nupkg - autoclosed #12

Closed mend-for-github-com[bot] closed 2 years ago

mend-for-github-com[bot] commented 2 years ago

WS-2022-0377 - Medium Severity Vulnerability

Vulnerable Library - system.data.sqlclient.4.8.2.nupkg

Provides the data provider for SQL Server. These classes provide access to versions of SQL Server an...

Library home page: https://api.nuget.org/packages/system.data.sqlclient.4.8.2.nupkg

Path to dependency file: /Activities/Database/ConnectionDialog/UiPath.Data.ConnectionUI.Dialog/UiPath.Data.ConnectionUI.Dialog.csproj

Path to vulnerable library: /s/system.data.sqlclient/4.8.2/system.data.sqlclient.4.8.2.nupkg,/s/system.data.sqlclient/4.8.2/system.data.sqlclient.4.8.2.nupkg,/dotnet_IHUFNZ/20211026155600/system.data.sqlclient/4.8.2/system.data.sqlclient.4.8.2.nupkg,/tmp/ws-ua_20211026155600_JLFTAT/dotnet_IHUFNZ/20211026155600/system.data.sqlclient/4.8.2/system.data.sqlclient.4.8.2.nupkg

Dependency Hierarchy: - :x: **system.data.sqlclient.4.8.2.nupkg** (Vulnerable Library)

Found in HEAD commit: 0c6513d8fe51047cbb7f6a41f2c1a1a25712e96a

Found in base branch: develop

Vulnerability Details

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages. A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query.

Publish Date: 2022-11-09

URL: WS-2022-0377

CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-8g2p-5pqh-5jmc

Release Date: 2022-11-09

Fix Resolution: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5

:rescue_worker_helmet: Automatic Remediation is available for this issue

mend-for-github-com[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.