CVE-2017-9246 – newrelic.agent

Package

Manager: nuget
Name: newrelic.agent
Vulnerable Version: >=0 <6.3.123.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0025 pctl0.48243

Details

New Relic .NET Agent contains SQL Injection New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.

Metadata

Created: 2022-05-17T02:35:57Z
Modified: 2023-10-24T13:01:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2rvx-cvfc-mcp2/GHSA-2rvx-cvfc-mcp2.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-2rvx-cvfc-mcp2
Finding: F106
Auto approve: 1