[Bug Bash] The vulnerable info shows inconsistently between “Package Details” & “Version” dropdown list for the transitive package “Microsoft.Data.OData”

[v-luzh]

NuGet Product Used

Visual Studio Package Management UI

Product Version

Dev\6.13.0.99

Worked before?

2. It is not regression since it reproes on VS D17.12\35523.42 + NuGet Client 6.12.1.1.

Impact

It bothers me. A fix would be nice

Repro Steps & Context

Details about problem

VS Version: Main\35617.63
OS: Windows-11-Enterprise-23H2

Notes:  

1. The repro rate is 100%. 
2. It reproes after installing the versions: 5.8.0, 5.8.1, 5.8.2, 5.8.3 for package “Microsoft.Data.Services.Client” in step3.
3. It also reproes after installing the package with "packages.config" format in step 4.
4. It doesn't repro when installing this package “Microsoft.Data.OData” directly as top-level package, but it reproes after updating the package “Microsoft.Data.OData 5.8.0” from transitive package to top-level package.\

Repro Steps:   

1. Create a “C# Console App (.NET Framework 4.8.1)” project.   
2. Right-click the project in Solution Explorer window and select "Manage NuGet Packages…" menu item to open the PM UI. 
3. Select the package sources “nuget.org” from “Package source” dropdown box and search for the package “Microsoft.Data.Services.Client”.
4. Select.”5.8.0” in the “Version” dropdown list and install the package with "PackageReference" format.
5. Go to “Installed” tab and observe the package info in both “Package Details” & “Version” dropdown list for the transitive package “Microsoft.Data.OData”.

Expected Result:

The vulnerable info shows consistently between “Package Details” & “Version” dropdown list for the transitive package “Microsoft.Data.OData”.

Actual Result:

The vulnerable info shows inconsistently between “Package Details” & “Version” dropdown list for the transitive package “Microsoft.Data.OData” as the screenshot below.