Environment (local platform and source/target platforms):
Steps to Reproduce:
Did this occur in prior versions? If not - which version(s) did it work in?
(DacFx/SqlPackage/SSMS/Azure Data Studio)
Observed multiple vulnerabilities in sqlpackage; please find the report below. Most of the vulnerabilities are critical and high. Could you please address those as soon as possible?
Verified latest build 162.3.566, but all vulnerabilities are not yet resolved.
I have attached the report.
Until this fix, we won't be able to use sqlpackage, Azure SQL Managed Instance and Azure SQL Server for the application.
usr/openv/dbpaas/sqlpackage/sqlpackage.deps.json (dotnet-core)
Total: 8 (UNKNOWN: 0, LOW: 1, MEDIUM: 4, HIGH: 3, CRITICAL: 0)
┌───────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├───────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ Azure.Identity │ CVE-2024-29992 │ MEDIUM │ fixed │ 1.10.3 │ 1.11.0 │ Azure Identity Library for .NET Information Disclosure │
│ │ │ │ │ │ │ Vulnerability │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-29992 │
│ ├────────────────┤ │ │ ├────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-35255 │ │ │ │ 1.11.4 │ azure-identity: Azure Identity Libraries Elevation of │
│ │ │ │ │ │ │ Privilege Vulnerability in │
│ │ │ │ │ │ │ github.com/Azure/azure-sdk-for-go/sdk/azidentity │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-35255 │
├───────────────────────────┤ │ │ ├───────────────────┼────────────────┤ │
│ Microsoft.Identity.Client │ │ │ │ 4.56.0 │ 4.60.4, 4.61.3 │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
│ ├────────────────┼──────────┤ │ ├────────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2024-27086 │ LOW │ │ │ 4.59.1, 4.60.3 │ MSAL.NET applications targeting Xamarin Android and .NET │
│ │ │ │ │ │ │ Android (MAUI) susceptible to local... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-27086 │
├───────────────────────────┼────────────────┼──────────┤ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ System.Formats.Asn1 │ CVE-2024-38095 │ HIGH │ │ 5.0.0 │ 6.0.1, 8.0.1 │ dotnet: DoS when parsing X.509 Content and ObjectIdentifiers │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-38095 │
├───────────────────────────┼────────────────┤ │ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ System.Private.Uri │ CVE-2019-0980 │ │ │ 4.3.0 │ 4.3.2 │ dotnet: infinite loop in Uri.TryCreate leading to ASP.Net │
│ │ │ │ │ │ │ Core Denial of Service... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-0980 │
│ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-0981 │ │ │ │ │ dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core │
│ │ │ │ │ │ │ Denial of Service │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-0981 │
│ ├────────────────┼──────────┤ │ │ ├──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-0657 │ MEDIUM │ │ │ │ dotnet: Domain-spoofing attack in System.Uri │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-0657 │
└───────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴──────────────