Vulnerability CVE 2022-41064 comes via EntityFramework 6.3.0 #79641
Comments
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.
EntityFramework 6.3.0 is not a part of the .NET runtime!?
Looks like a misinterpretation on my part. It is not coming with the runtime. In the deps.json file it is put under ".NETCoreApp,Version=v6.0/win-x64". But I don't have an explicit import of EntityFramework.
I found the reference in Xceed.Wpf.DataGrid/7.0.20452.1321
Description
Vulnerability CVE 2022-41064 (#78042) for System.Data.SqlClient 4.7.0 comes via EntityFramework 6.3.0 (solved with dotnet/ef6#2061) in the current runtime 6.0.12
Reproduction Steps
Checking with Dependency-Track
Expected behavior
runtime uses EntityFramework upcoming 6.4.5 or 6.5.0
Actual behavior
runtime uses EntityFramework 6.3.0
Regression?
No response
Known Workarounds
No response
Configuration
No response
Other information
No response
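Added example, not part of the original issue or of any project named in it: when a scanner flags a package you never referenced, walking the `targets` section of the application's deps.json shows which dependency chain brings it in. The sample document below is constructed to match the thread (the app name `SampleApp` is hypothetical), and the helper assumes each `dependencies` entry carries the same version as the library key it points to.

```python
import json

# Constructed sample in the deps.json "targets" layout; SampleApp is hypothetical.
SAMPLE_DEPS_JSON = """
{
  "targets": {
    ".NETCoreApp,Version=v6.0/win-x64": {
      "SampleApp/1.0.0": {
        "dependencies": {"Xceed.Wpf.DataGrid": "7.0.20452.1321"}},
      "Xceed.Wpf.DataGrid/7.0.20452.1321": {
        "dependencies": {"EntityFramework": "6.3.0"}},
      "EntityFramework/6.3.0": {
        "dependencies": {"System.Data.SqlClient": "4.7.0"}},
      "System.Data.SqlClient/4.7.0": {}
    }
  }
}
"""


def dependency_chains(deps, package):
    """Return (target, [root, ..., package/version]) for every chain found."""
    chains = []
    for target, libs in deps.get("targets", {}).items():
        # Reverse edges: "Name/Version" -> libraries that declare it.
        parents = {}
        for lib, meta in libs.items():
            for name, version in meta.get("dependencies", {}).items():
                parents.setdefault(f"{name}/{version}", []).append(lib)

        def walk(lib, tail, seen):
            ups = parents.get(lib, [])
            if not ups:  # nothing declares it: top-level entry (the app)
                chains.append((target, [lib] + tail))
            for parent in ups:
                if parent not in seen:  # stop on dependency cycles
                    walk(parent, [lib] + tail, seen | {parent})

        for lib in libs:
            if lib.split("/")[0].lower() == package.lower():
                walk(lib, [], {lib})
    return chains


if __name__ == "__main__":
    deps = json.loads(SAMPLE_DEPS_JSON)
    for target, chain in dependency_chains(deps, "System.Data.SqlClient"):
        print(f"[{target}] " + " -> ".join(chain))
```

To check a real build, load the `<app>.deps.json` from the publish output in place of the sample string.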