Headline
GHSA-98g6-xh36-x2p7: Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Skip to content
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
- Pricing
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-0056
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
High severity GitHub Reviewed Published Jan 9, 2024 to the GitHub Advisory Database • Updated Jan 16, 2024
Package
nuget Microsoft.Data.SqlClient (NuGet)
Affected versions
< 2.1.7
>= 3.0.0, < 3.1.5
>= 4.0.0, < 4.0.5
>= 5.0.0, < 5.1.3
Patched versions
2.1.7
3.1.5
4.0.5
5.1.3
nuget System.Data.SqlClient (NuGet)
Description
Published to the GitHub Advisory Database
Jan 9, 2024
Last updated
Jan 16, 2024
Related news
Red Hat Security Advisory 2024-0255-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days. The