Description
Hi friends,
Our InfoSec team has passed this vulnerability onto us and so I'm opening this here with you to see if this can be remediated as it relates to the dbatools.library module.
The library Microsoft.Data.SqlClient version 5.0.1 was detected in Dotnet library manager located at C:\Program Files\WindowsPowerShell\Modules\dbatools.library\2023.9.21\core\lib\mac\sqlpackage.deps.json and is vulnerable to CVE-2024-0056, which exists in versions >= 5.0.0, < 5.1.3.
The vulnerability was found in the Github Security Advisory with vendor severity: High.
The vulnerability can be remediated by updating the library to version 5.1.3 or higher, using dotnet add package Microsoft.Data.SqlClient.
I'm running the following versions:
2.1.8 dbatools PSGallery The community module that enables SQL Server Pro...
2023.9.21 dbatools.library PSGallery The library that powers dbatools, the community ...
Thanks!
Gary Hampson
Activity