Madan Shekar

Entity framework dll security issue

Nov 27 2019 12:06 AM
Hi All,

I am now working on security issues. We have one security issue on the Entity Framework DLL file; please check the details below.
Attack Vector: system_data_dll.System.Data.IDbConnection.set_ConnectionString
Number of Modules Affected: 1
Description: This call to system_data_dll.System.Data.IDbConnection.set_ConnectionString() allows external control of system settings. The argument to the function is constructed using untrusted input, which can disrupt service or cause an application to behave in unexpected ways. The first argument to set_ConnectionString() contains tainted data. The tainted data originated from earlier calls to entityframework_dll.System.Data.Entity.Database.Delete, and entityframework_dll.System.Data.Entity.Database.Exists.
Remediation: Never allow untrusted or otherwise untrusted data to control system-level settings. Always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible.
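
One way to apply the remediation above, as an added example that is not part of the original post or of Entity Framework: a single routine that validates the untrusted value against an allow-list and builds the connection string with `SqlConnectionStringBuilder`. The server name, catalog names and tenant keys are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Added example: the one place where a connection string is assembled.
public static class ConnectionStringFactory
{
    // Operator-controlled setting (hypothetical host; normally from protected config).
    private const string Server = "db.internal.example";

    // Allow-list (constructed sample): caller-supplied key -> catalog the app owns.
    private static readonly Dictionary<string, string> Catalogs =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "tenant-a", "TenantA_Db" },
            { "tenant-b", "TenantB_Db" },
        };

    // Short identifier only; \z rejects a trailing newline that $ would accept.
    private static readonly Regex KeyFormat = new Regex(@"^[A-Za-z0-9\-]{1,32}\z");

    public static string ForTenant(string untrustedKey)
    {
        // Format check: ';' and '=' can never reach the connection string,
        // so input cannot add or override keywords such as Data Source.
        if (untrustedKey == null || !KeyFormat.IsMatch(untrustedKey))
            throw new ArgumentException("Invalid tenant key.", nameof(untrustedKey));

        string catalog;
        if (!Catalogs.TryGetValue(untrustedKey, out catalog))
            throw new ArgumentException("Unknown tenant key.", nameof(untrustedKey));

        // Only fixed or allow-listed values are handed to the builder.
        var builder = new SqlConnectionStringBuilder
        {
            DataSource = Server,
            InitialCatalog = catalog,
            IntegratedSecurity = true
        };
        return builder.ConnectionString;
    }
}

public static class Program
{
    public static void Main()
    {
        Console.WriteLine(ConnectionStringFactory.ForTenant("tenant-a"));
        try { ConnectionStringFactory.ForTenant("x;Data Source=other"); }
        catch (ArgumentException ex) { Console.WriteLine("Rejected: " + ex.Message); }
    }
}
```

The string returned by `ForTenant` is what would be passed to `Database.Exists` or `Database.Delete`, so the value reaching `set_ConnectionString` is never built from raw input.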
 

Answers (2)