Reproduction Steps
Scan the Azure.Identity@1.3.0 NuGet package with any dependency checker tool.
Scan Akka.Persistence.SqlServer@1.5.13 with any software composition tool.
Environment:
Found in Akka.Persistence.SqlServer@1.4.35. Affects the latest version 1.5.13.
Description:
We've found https://github.com/advisories/GHSA-5mfx-4wcx-rv27 in pkg:nuget/Azure.Identity@1.3.0, used by Microsoft.Data.SqlClient@3.0.1.
Expected behavior:
Vulnerability must be solved by upgrading the dependencies once available.
Actual behavior:
There is a Remote Code Execution Vulnerability (https://github.com/advisories/GHSA-5mfx-4wcx-rv27) reported by our Software Composition Analysis (SCA).