Skip to content

[GHSA-m494-w24q-6f7w] JDBC Driver for SQL Server has improper input validation issue#6449

Merged
advisory-database[bot] merged 1 commit intourielcos/advisory-improvement-6449from
urielcos-GHSA-m494-w24q-6f7w
Nov 24, 2025
Merged

[GHSA-m494-w24q-6f7w] JDBC Driver for SQL Server has improper input validation issue#6449
advisory-database[bot] merged 1 commit intourielcos/advisory-improvement-6449from
urielcos-GHSA-m494-w24q-6f7w

Conversation

@urielcos
Copy link

@urielcos urielcos commented Nov 20, 2025

Updates

  • Affected products

Comments
The fix is related to how authentication is made using certificates.
Such method of auth wasn't added until version 8.3.0 as seen here: microsoft/mssql-jdbc@9732e1b#diff-45367b99a1951943bfecfc7765e80df687967aa56286a5b2e039f77cd9a0e118 and in this PR: microsoft/mssql-jdbc#1284

versions below aren't susceptible to this CVE

@github-actions github-actions bot changed the base branch from main to urielcos/advisory-improvement-6449 November 20, 2025 14:31
@advisory-database advisory-database bot merged commit 8814b04 into urielcos/advisory-improvement-6449 Nov 24, 2025
4 checks passed
@advisory-database
Copy link
Contributor

advisory-database bot commented Nov 24, 2025

Hi @urielcos! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

@advisory-database advisory-database bot deleted the urielcos-GHSA-m494-w24q-6f7w branch November 24, 2025 17:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@urielcos