akkadotnet / Akka.Persistence.SqlServer

Akka.Persistence.SqlServer provider
Apache License 2.0

Azure Identity SDK Remote Code Execution Vulnerability (CVE-2023-36414) #344

Closed josetirablaz closed 8 months ago

josetirablaz commented 11 months ago

Description: We've found https://github.com/advisories/GHSA-5mfx-4wcx-rv27 in pkg:nuget/Azure.Identity@1.3.0 used by Microsoft.Data.SqlClient@3.0.1.

Expected behavior: The vulnerability must be solved by upgrading the dependencies once available.

Actual behavior: There is a Remote Code Execution Vulnerability (https://github.com/advisories/GHSA-5mfx-4wcx-rv27) reported by our Software Composition Analysis (SCA).

Reproduction steps: Scan the Azure.Identity@1.3.0 NuGet package with any dependency checker tool. Scan Akka.Persistence.SqlServer@1.5.13 with any software composition analysis tool.

Environment: Found in Akka.Persistence.SqlServer@1.4.35. Affects the latest version 1.5.13.
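As an added illustration (not code from this issue or from the Akka.Persistence.SqlServer project), the following Python models the transitive chain the report describes, Akka.Persistence.SqlServer -> Microsoft.Data.SqlClient -> Azure.Identity, and shows the two questions a maintainer asks when an SCA finding like this one arrives: where in the dependency graph the vulnerable version is declared, and which version actually ends up in the build under NuGet's nearest-wins resolution, before and after pinning a direct reference to a fixed release. The graph, the advisory record and `PATCHED_PLACEHOLDER` are constructed for the example; the page does not state the patched Azure.Identity version, so a placeholder stands in for it, and version ranges and pre-release ordering are deliberately ignored.

```python
from dataclasses import dataclass

# Constructed dependency graph modelled on the issue: each (package, version) node lists the
# (package, version) pairs it depends on. The versions are the ones named in the report.
ROOT = ("Akka.Persistence.SqlServer", "1.5.13")
GRAPH = {
    ROOT: [("Microsoft.Data.SqlClient", "3.0.1")],
    ("Microsoft.Data.SqlClient", "3.0.1"): [("Azure.Identity", "1.3.0")],
    ("Azure.Identity", "1.3.0"): [],
}

# PLACEHOLDER: the patched Azure.Identity version is not stated on the page, so a made-up
# version stands in for "first release no longer affected by the advisory".
PATCHED_PLACEHOLDER = "9.9.9"


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '1.3.0' or '1.3.0-beta.1' into a comparable tuple (pre-release tag dropped; assumption)."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


@dataclass(frozen=True)
class Advisory:
    ghsa_id: str
    package: str           # NuGet package id (compared case-insensitively)
    patched_version: str   # first version no longer affected

    def affects(self, package: str, version: str) -> bool:
        return (package.lower() == self.package.lower()
                and parse_version(version) < parse_version(self.patched_version))


# The advisory named in the report, with the placeholder patched version.
AZURE_IDENTITY_ADVISORY = Advisory("GHSA-5mfx-4wcx-rv27", "Azure.Identity", PATCHED_PLACEHOLDER)


def find_vulnerable_paths(graph, root, advisories):
    """Depth-first walk over every declared edge; returns (advisory id, path) for each
    declared node an advisory covers, path being the chain of 'pkg@ver' from the root.
    This is the 'where does it come from' view an SCA report gives."""
    findings = []

    def walk(node, path, on_stack):
        pkg, ver = node
        path = path + [f"{pkg}@{ver}"]
        for adv in advisories:
            if adv.affects(pkg, ver):
                findings.append((adv.ghsa_id, path))
        if node in on_stack:          # guard against cyclic graphs
            return
        for dep in graph.get(node, []):
            walk(dep, path, on_stack | {node})

    walk(root, [], frozenset())
    return findings


def resolve_nearest_wins(graph, root):
    """Flatten the graph to {package: version} the way NuGet does: the reference nearest
    the root wins for each package id (breadth-first; version ranges ignored, assumption)."""
    resolved = {}
    level = [root]
    while level:
        next_level = []
        for pkg, ver in level:
            if pkg.lower() in resolved:
                continue              # a nearer reference already fixed this package's version
            resolved[pkg.lower()] = (pkg, ver)
            next_level.extend(graph.get((pkg, ver), []))
        level = next_level
    return {pkg: ver for pkg, ver in resolved.values()}


def vulnerable_in_build(graph, root, advisories):
    """Advisories that still apply to the versions actually resolved into the build."""
    resolved = resolve_nearest_wins(graph, root)
    return sorted(f"{adv.ghsa_id}: {pkg}@{ver}"
                  for pkg, ver in resolved.items()
                  for adv in advisories if adv.affects(pkg, ver))


def with_direct_reference(graph, root, package, version):
    """Copy of the graph in which the root also references package@version directly,
    i.e. the usual workaround of pinning a transitive dependency in the project file."""
    pinned = {node: list(deps) for node, deps in graph.items()}
    pinned[root] = pinned[root] + [(package, version)]
    pinned.setdefault((package, version), [])
    return pinned


if __name__ == "__main__":
    for ghsa, path in find_vulnerable_paths(GRAPH, ROOT, [AZURE_IDENTITY_ADVISORY]):
        print(ghsa, "->", " -> ".join(path))
    print("resolved before pin:", vulnerable_in_build(GRAPH, ROOT, [AZURE_IDENTITY_ADVISORY]))
    pinned = with_direct_reference(GRAPH, ROOT, "Azure.Identity", PATCHED_PLACEHOLDER)
    print("resolved after pin: ", vulnerable_in_build(pinned, ROOT, [AZURE_IDENTITY_ADVISORY]))
```

The two views differ on purpose: `find_vulnerable_paths` still reports the declared 1.3.0 edge after the pin, because Microsoft.Data.SqlClient keeps declaring it, while `vulnerable_in_build` goes quiet because the nearer direct reference wins resolution. On a real project the equivalent of the second check is `dotnet list package --vulnerable --include-transitive`, and the durable fix is what the report asks for, a Microsoft.Data.SqlClient release that itself depends on a patched Azure.Identity, rather than a pin carried in every consuming project.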

Aaronontheweb commented 8 months ago

@josetirablaz thanks, we'll need to update this