Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-5pm2-9mr2-3frq

GitHub Security Advisory

Component takeover in Oracle Data Provider for .NET

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET. Note: Applies also to Database client-only on Windows platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

See the readme.txt files inside the `.nupkg` packages for a reference to the fix.

Affected Packages

NuGet Oracle.ManagedDataAccess
Affected versions: 21.0.0 (fixed in 21.9.0)
NuGet Oracle.ManagedDataAccess.Core
Affected versions: 3.21.0 (fixed in 3.21.90)
NuGet Oracle.ManagedDataAccess
Affected versions: 19.0.0 (fixed in 19.18.0)
NuGet Oracle.ManagedDataAccess.Core
Affected versions: 2.19.0 (fixed in 2.19.180)

Related CVEs

CVE-2023-21893

Key Information

GHSA ID
GHSA-5pm2-9mr2-3frq
Published
January 18, 2023 12:30 AM
Last Modified
April 13, 2023 5:39 PM
CVSS Score
7.5 /10
Primary Ecosystem
NuGet
Primary Package
Oracle.ManagedDataAccess
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 31, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.