Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0ycnZ4LWN2ZmMtbWNwMs4AAbX5

New Relic .NET Agent contains SQL Injection

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.

Permalink: https://github.com/advisories/GHSA-2rvx-cvfc-mcp2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ycnZ4LWN2ZmMtbWNwMs4AAbX5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 6 months ago

CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-2rvx-cvfc-mcp2, CVE-2017-9246
References:

Blast Radius: 1.0

Affected Packages

nuget:NewRelic.Agent

Dependent packages: 0
Dependent repositories: 0
Downloads: 8,854,487 total
Affected Version Ranges: < 6.3.123.0
Fixed in: 6.3.123.0
All affected versions:
All unaffected versions: 8.2.216, 8.3.360, 8.4.880, 8.5.186, 8.6.45, 8.7.75, 8.8.83, 8.9.130, 8.10.51, 8.11.157, 8.12.216, 8.13.798, 8.14.222, 8.15.455, 8.16.567, 8.17.438, 8.18.241, 8.19.353, 8.20.262, 8.21.34, 8.22.181, 8.23.107, 8.24.244, 8.25.214, 8.26.630, 8.27.139, 8.28.0, 8.29.0, 8.30.0, 8.31.0, 8.32.0, 8.33.0, 8.34.0, 8.35.0, 8.36.0, 8.37.0, 8.38.0, 8.39.0, 8.39.1, 8.39.2, 8.40.0, 8.40.1, 8.41.0, 8.41.1, 9.0.0, 9.1.0, 9.1.1, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.5.1, 9.6.0, 9.6.1, 9.7.0, 9.7.1, 9.8.0, 9.8.1, 9.9.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.5.1, 10.6.0, 10.7.0, 10.8.0, 10.9.0, 10.9.1, 10.10.0, 10.11.0, 10.12.0, 10.12.1, 10.13.0, 10.14.0, 10.15.0, 10.16.0, 10.17.0, 10.18.0, 10.19.0, 10.19.1, 10.19.2, 10.20.0, 10.20.1, 10.20.2, 10.21.0, 10.21.1, 10.22.0, 10.23.0, 10.23.1