[GHSA-x9vc-6hfv-hg8c] Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow #4381
Conversation
|
Hi there @paul-gerste-sonarsource and @NinoFloris! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory |
github-actions
bot
changed the base branch from
main
to
jadentom/advisory-improvement-4381
|
Not sure if line 37 should be changed: "last_known_affected_version_range": "<= 8.0.2" That still contains 7.0.7. Don't know what the override behaviour is, and I'm not sure how you would specify multiple ranges. As well, I'm not sure if you're able to specify multiple fix versions... That was also a guess. |
|
Thank you for your submission to the GitHub Advisory Database, this has been closed due to being a duplicate of #4379. |
Updates
Comments
https://github.com/npgsql/npgsql/releases/tag/v7.0.7
Release notes say that it is fixed here as well