Closed pmiddleton closed 5 months ago
EntityFramework 6.3.0 transitively uses System.Data.SqlClient 4.7.0, which has a high-level vulnerability, CVE-2024-0056.
See https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056
Please upgrade to EntityFramework 6.5 when it releases this month to upgrade System.Data.SqlClient to 4.8.6, which resolved this CVE.
See https://learn.microsoft.com/en-us/ef/ef6/what-is-new/
https://github.com/scottksmith95/LINQKit/pull/200
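As an added example (not part of the issue or the LINQKit project), this Python script walks the `targets` section of a NuGet `obj/project.assets.json` file and reports any resolved System.Data.SqlClient below 4.8.6, together with the package that pulls it in. The sample JSON and the `Example.App.Data` package are constructed; treating every version below 4.8.6 as affected is a simplifying assumption based on the fixed version the issue names.

```python
import json

FIXED = (4, 8, 6)                 # version the issue names as resolving CVE-2024-0056
TARGET = "system.data.sqlclient"  # NuGet package ids are case-insensitive

# Constructed, trimmed sample of the "targets" section of obj/project.assets.json.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {
    "net6.0": {
      "Example.App.Data/1.0.0": {
        "type": "project",
        "dependencies": {"EntityFramework": "6.3.0"}
      },
      "EntityFramework/6.3.0": {
        "type": "package",
        "dependencies": {"System.Data.SqlClient": "4.7.0"}
      },
      "System.Data.SqlClient/4.7.0": {"type": "package"}
    }
  }
}
""")

def parse_version(text):
    """Turn '4.7.0' into (4, 7, 0); prerelease/build suffixes are ignored."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))

def find_outdated_sqlclient(assets):
    """Return one finding per target framework that resolves a version below FIXED."""
    findings = []
    for framework, libs in assets.get("targets", {}).items():
        for key in libs:
            name, _, version = key.partition("/")
            if name.lower() != TARGET or parse_version(version) >= FIXED:
                continue
            # Direct parents: resolved libraries that declare the dependency.
            parents = sorted(
                parent for parent, info in libs.items()
                if any(d.lower() == TARGET for d in info.get("dependencies", {}))
            )
            findings.append({"framework": framework, "version": version,
                             "pulled_in_by": parents})
    return findings

if __name__ == "__main__":
    for finding in find_outdated_sqlclient(SAMPLE_ASSETS):
        print(finding)
```

To check a real project, load its `obj/project.assets.json` with `json.load` after a restore and pass the result to `find_outdated_sqlclient`.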