Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/144733?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/144733?format=api", "purl": "pkg:nuget/System.Data.SqlClient@4.8.4", "type": "nuget", "namespace": "", "name": "System.Data.SqlClient", "version": "4.8.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.8.6", "latest_non_vulnerable_version": "4.8.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53503?format=api", "vulnerability_id": "VCID-qdk8-yfpy-xucv", "summary": ".NET Information Disclosure Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages.\n\nA vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query.\n\n## <a name=\"mitigation-factors\"></a>Mitigation factors\n\nIf you are not talking to Microsoft SQL Server from your application you are not affected by this vulnerability.\n\n### <a name=\"how-affected\"></a>How do I know if I am affected?\n\n.NET has two types of dependencies: direct and transitive. Direct dependencies are dependencies where you specifically add a package to your project, transitive dependencies occur when you add a package to your project that in turn relies on another package. \n\nFor example, the Microsoft.AspNetCore.Mvc package depends on the Microsoft.AspNetCore.Mvc.Core package. When you add a dependency on Microsoft.AspNetCore.Mvc in your project, you're taking a transitive dependency on Microsoft.AspNetCore.Mvc.Core. \n \nAny application that has a direct or transitive dependency on the affected packages listed above are vulnerable.\n\n### <a name=\"how-fix\"></a>How do I fix the issue?\n\n* If you are using System.Data.SqlClient on .NET Framework you must install the November update for .NET Framework\n* If you are using System.Data.SqlClient on .NET Core, .NET 5 or .NET 6 you must update the nuget package to an updated version as listed in the affected packages.\n* If you are using Microsoft.Data.SqlClient, anywhere (.NET Core, .NET 5/6, .NET Framework) and you are using a version that is vulnerable you must update as listed in the affected packages.\n\n**Additional Details**\n\n.NET and .NET Framework projects have two types of dependencies: direct and transitive. You must update your projects using the following instructions to address both types of dependency. \n\nAdditionally, .NET Framework users must also install the November 2022 security patch to be protected. \n\n#### Direct dependencies \n\nDirect dependencies are discoverable by examining your csproj file. They can be fixed by editing the project file or using nuget command line to update the dependency. \n\n#### Transitive dependencies \n\nTransitive dependencies occur when you add a package to your project that in turn relies on another package. Transitive dependencies can be discovered by searching the project.assets.json file for each of your projects. This file is produced on each build and is in the obj directory for each project. \n\nThe project.assets.json files are the authoritative list of all packages used by your project, containing both direct and transitive dependencies. \n\n#### Fixing direct dependencies \n\nDirect dependencies are nuget packages that have been specifically added to a project, rather than being pulled in because a nuget package added requires it. They can be seen in the solution explorer in Visual Studio or by opening the csproj for the project and examining the packageReference nodes for the package name, specified by the Include parameter, and its version, specified by the Version parameter. \n\nFor example, the following project file has a direct dependency on version 2.1.1 of Microsoft.Data.SqlClient. \n```\n<Project Sdk=\"Microsoft.NET.Sdk.Web\"> \n\n <PropertyGroup> \n <TargetFramework>net6.0</TargetFramework> \n <Nullable>enable</Nullable> \n <ImplicitUsings>enable</ImplicitUsings> \n </PropertyGroup> \n\n <ItemGroup> \n <PackageReference Include=\"Microsoft.Data.SqlClient\" Version=\"2.1.1\" /> \n </ItemGroup> \n\n</Project> \n```\n#### Fixing direct dependencies with the nuget command line \n\nOpen a command line to the directory holding your project \n\nRun the following command if you are using a version of Microsoft.Data.SqlClient between 2.0.0 and 2.1.1 \n\n> dotnet add package Microsoft.Data.SqlClient --version 2.1.2 \n\nRun the following command if you are using a version of Microsoft.Data.SqlClient below 1.1.4 \n\n> dotnet add package Microsoft.Data.SqlClient --version 1.1.4 \n\nRun the following command if you are using a version of System.Data.SqlClient below 4.8.4 \n\n> dotnet add package System.Data.SqlClient --version 4.8.5 \n\n#### Fixing direct dependencies by editing the project file \n\nOpen projectname.csproj in your editor. If you're using Visual Studio, right-click the project and choose Edit projectname.csproj from the context menu, where projectname is the name of your project. \n\nLook for PackageReference elements. The following shows an example project file: \n\n```\n<Project Sdk=\"Microsoft.NET.Sdk.Web\"> \n\n <PropertyGroup> \n <TargetFramework>net6.0</TargetFramework> \n <Nullable>enable</Nullable> \n <ImplicitUsings>enable</ImplicitUsings> \n </PropertyGroup> \n\n <ItemGroup> \n <PackageReference Include=\"Microsoft.Data.SqlClient\" Version=\"2.1.1\" /> \n </ItemGroup> \n\n</Project> \n```\n\nThe preceding example has a reference tone of the vulnerable packages as seen by the single PackageReference element. The name of the package is in the Include attribute. \nThe package version number is in the Version attribute. \n\nTo update the version to the secure package, change the version number to the updated package version as listed in the Affected software section of this document. \n\nIn this example, update Microsoft.Data.SqlClient to the appropriate fixed version for your major version. Save the csproj file. The example csproj now looks as follows: \n```\n<Project Sdk=\"Microsoft.NET.Sdk.Web\"> \n\n <PropertyGroup> \n <TargetFramework>net6.0</TargetFramework> \n <Nullable>enable</Nullable> \n <ImplicitUsings>enable</ImplicitUsings> \n </PropertyGroup> \n\n <ItemGroup> \n <PackageReference Include=\"Microsoft.Data.SqlClient\" Version=\"2.1.2\" /> \n </ItemGroup> \n\n</Project>\n```\nIf you're using Visual Studio and you save your updated csproj file, Visual Studio will restore the new package version. \n\nYou can see the restore results by opening the Output window (Ctrl+Alt+O) and changing the Show output from drop-down list to Package Manager. \n\nIf you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the updated dependencies. \n\nNow recompile your application. If after recompilation you see a Dependency conflict warning, you must update your other direct dependencies to versions that take a dependency on the updated package. \n\n#### Discovering and fixing transitive dependencies \n\nRebuild your solution and then open the project.assets.json file from in each of your project’s obj directory in your editor. We suggest you use an editor that understands JSON and allows you to collapse and expand nodes to review this file. Both Visual Studio and Visual Studio Code provide JSON friendly editing. \n\nSearch the project.assets.json file for the vulnerable packages above using the format packagename/ for each of the package names from the preceding table. If you find the assembly name in your search: \n\nExamine the line on which they are found, the version number is after the /. \n\nCompare to the vulnerable versions \n\nFor example, a search result that shows \"Microsoft.Data.SqlClient\": \"2.1.0\" is a reference to version 2.1.0 of Microsoft.Data.SqlClient If your project.assets.json file includes vulnerable versions of the nuget packages then you need to fix the transitive dependencies. \n\nIf you have not found any reference to any vulnerable packages, this means either \n\nNone of your direct dependencies depend on any vulnerable packages, or \n\nYou have already fixed the problem by updating the direct dependencies. \n\nIf your transitive dependency review found references to the vulnerable package, you must add a direct dependency to the updated package to your csproj file to override the transitive dependency. \n\n#### Editing projects to fix transitive dependencies \n\nOpen projectname.csproj in your editor. Look for PackageReference nodes, for example: \n```\n<Project Sdk=\"Microsoft.NET.Sdk.Web\"> \n\n <PropertyGroup> \n <TargetFramework>net6.0</TargetFramework> \n <Nullable>enable</Nullable> \n <ImplicitUsings>enable</ImplicitUsings> \n </PropertyGroup> \n\n <ItemGroup> \n <PackageReference Include=\"IndirectDependency\" Version=\"1.0.0\" /> \n </ItemGroup> \n\n</Project> \n```\n\n\nYou must add a direct dependency to the updated, matching major/minor version of the vulnerable by adding it to the csproj file. This is done by adding a new line to the dependencies section, referencing the fixed version. For example, \n```\n<Project Sdk=\"Microsoft.NET.Sdk.Web\"> \n\n <PropertyGroup> \n <TargetFramework>net6.0</TargetFramework> \n <Nullable>enable</Nullable> \n <ImplicitUsings>enable</ImplicitUsings> \n </PropertyGroup> \n\n <ItemGroup> \n <PackageReference Include=\"IndirectDependency\" Version=\"1.0.0\" /> \n <PackageReference Include=\"Microsoft.Data.SqlClient\" Version=\"2.1.2\" /> \n </ItemGroup> \n\n</Project> \n\n```\n\nAfter you've added the direct dependency reference, save your csproj file. \n\nIf you're using Visual Studio, save your updated csproj file and Visual Studio will restore the new package versions. You can see the restore results by opening the Output window (Ctrl+Alt+O) and changing the Show output from drop-down list to Package Manager. \n\nIf you're not using Visual Studio, open a command line and change to your project directory. Execute the dotnet restore command to restore the new dependencies. \n\n#### Using the nuget command line to fix transitive dependencies \n\nOpen a command window and change directory to your project directory. \n\nRun the following command if you have an indirect dependency on Microsoft.Data.SqlClient between versions 2.0.0 and 2.1.1 \n\n> dotnet add package Microsoft.Data.SqlClient --version 2.1.2 \n\nRun the following command if you have an indirect dependency on Microsoft.Data.SqlClient below 1.1.4 \n\n> dotnet add package Microsoft.Data.SqlClient --version 1.1.4 \n\nRun the following command if you have an indirect dependency on System.Data.SqlClient below 4.8.4 \n\n> dotnet add package System.Data.SqlClient --version 4.8.5 \n\nExecute the dotnet restore command to restore the new dependencies. \n\n#### Rebuilding your application \n\nFinally, you must rebuild your application, test, and redeploy. \n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### Revisions\n\nV1.0 (November 8, 2022): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2022-11-08_", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37964", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37858", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37883", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37919", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37938", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37904", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37891", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37841", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40783", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40364", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40513", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40597", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40609", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40704", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41064" }, { "reference_url": "https://github.com/dotnet/corefx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/corefx" }, { "reference_url": "https://github.com/dotnet/corefx/security/advisories/GHSA-8g2p-5pqh-5jmc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/corefx/security/advisories/GHSA-8g2p-5pqh-5jmc" }, { "reference_url": "https://github.com/dotnet/runtime/issues/78042", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/runtime/issues/78042" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T16:53:52Z/" } ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41064", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41064" }, { "reference_url": "https://www.nuget.org/packages/Microsoft.Data.SqlClient", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/Microsoft.Data.SqlClient" }, { "reference_url": "https://www.nuget.org/packages/Microsoft.Data.SqlClient/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.nuget.org/packages/Microsoft.Data.SqlClient/" }, { "reference_url": "https://github.com/advisories/GHSA-8g2p-5pqh-5jmc", "reference_id": "GHSA-8g2p-5pqh-5jmc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8g2p-5pqh-5jmc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81107?format=api", "purl": "pkg:nuget/System.Data.SqlClient@4.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xdr5-8wxz-8kh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/System.Data.SqlClient@4.8.5" } ], "aliases": [ "CVE-2022-41064", "GHSA-8g2p-5pqh-5jmc", "GMS-2022-6502", "GMS-2022-6505" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdk8-yfpy-xucv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14013?format=api", "vulnerability_id": "VCID-xdr5-8wxz-8kh6", "summary": "Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass\nMicrosoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0056.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75179", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75121", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.751", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.7509", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75128", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75134", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75124", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75163", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75166", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.7517", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75048", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75077", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75054", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75088", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75099", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0056" }, { "reference_url": "https://github.com/dotnet/announcements/issues/292", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/announcements/issues/292" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T15:47:49Z/" } ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0056", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0056" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255384", "reference_id": "2255384", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255384" }, { "reference_url": "https://github.com/advisories/GHSA-98g6-xh36-x2p7", "reference_id": "GHSA-98g6-xh36-x2p7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98g6-xh36-x2p7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0150", "reference_id": "RHSA-2024:0150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0151", "reference_id": "RHSA-2024:0151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0152", "reference_id": "RHSA-2024:0152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0156", "reference_id": "RHSA-2024:0156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0156" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0157", "reference_id": "RHSA-2024:0157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0158", "reference_id": "RHSA-2024:0158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0255", "reference_id": "RHSA-2024:0255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0255" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50098?format=api", "purl": "pkg:nuget/System.Data.SqlClient@4.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/System.Data.SqlClient@4.8.6" } ], "aliases": [ "CVE-2024-0056", "GHSA-98g6-xh36-x2p7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xdr5-8wxz-8kh6" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/System.Data.SqlClient@4.8.4" }