ODP.NET

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Is CVE-2023-21893 fixed in 19.x branches?

Manuel PApr 24 2023

Recently most of the package versions of https://www.nuget.org/packages/Oracle.ManagedDataAccess/ and https://www.nuget.org/packages/Oracle.ManagedDataAccess.Core/ were marked as having a vulnerability. This is based on https://github.com/advisories/GHSA-5pm2-9mr2-3frq

Is it really correct that only the 21.x branches have been fixed? There have been new releases in the 19.x branches too, but those are still marked as having the vulnerability.

https://www.oracle.com/security-alerts/cpujan2023.html says that CVE-2023-21893 also affects supported version 19c. So I'd assume a still supported version would be fixed too?

This post has been answered by Alex Keh-Oracle on Apr 25 2023

Jump to Answer

Added on Apr 24 2023

1 comment

824 views