[FP]: Dapper 2.1.35 and sqllite CVE-2017-10989 #6894
Labels
Comments
|
Nuget Coordinates dotnet add package Dapper --version 2.1.35Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #6894
]]></notes>
<packageUrl regex="true">^pkg:nuget/Dapper@.*$</packageUrl>
<cpe>cpe:/a:sqlite:sqlite</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/10382262954 |
|
ODC 9.2.0 is outdated and unsupported. Please upgrade. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:nuget/[email protected]
CPE
cpe:2.3:a:sqlite:sqlite:::::::: versions up to (including) 3.19.3
CVE
CVE-2017-10989
ODC Integration
None
ODC Version
9.2.0
Description
I use Dapper 2.1.35 in project to connect SQL and depencycheck report raise critical with CVE-2017-10989.
In CVE detail I think that refer about only sqlite database issue. ( refer : https://security-tracker.debian.org/tracker/CVE-2017-10989 )
If we juse use Dapper like a database provider I think vulnerability of database should not raise on database provider or not?
The text was updated successfully, but these errors were encountered: