CVE-2023-29402 critical vulnerability

microsoft / go-sqlcmd

The new sqlcmd, CLI for SQL Server and Azure SQL (winget install sqlcmd / sqlcmd create mssql / sqlcmd open ads)

https://learn.microsoft.com/sql/tools/sqlcmd/go-sqlcmd-utility

MIT License

323 stars 56 forks source link

CVE-2023-29402 critical vulnerability #499

Closed skStavir closed 5 months ago

skStavir commented 5 months ago

The latest version 1.5.0 has a golang version that has the following critical vulnerabilities. CVE-2023-29402 CVE-2023-29538 CVE-2023-29405 CVE-2023-29404

shueybubbles commented 5 months ago

We aren't using cgo . Does the vulnerability apply?