search

dotnet / SqlClient

Microsoft.Data.SqlClient provides database connectivity to SQL Server for .NET applications.
MIT License
817 stars 271 forks source link

CVE-2024-35255 - Azure.Identity upgrade to 1.12.0 latest package #2609

Closed rsrinivasanhome closed 1 week ago

rsrinivasanhome commented 1 week ago

When we scan the package sql client on BDHub the vulnerability CVE-2024-35255 is detected https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255 Upgrade to https://www.nuget.org/packages/Azure.Identity/1.12.0 - Latest version

JRahnama commented 1 week ago

1.11.4 does not have any vulnerability and it will be addressed in next preview release and also hotfixes will back port it to supported version(s).

Closing as duplicate of #2568