Untrusted Initialization Vulnerability Revealed in Veracode Scan
violachyu opened this issue
As our codebase dependent on EF 6.1.3 ran through the latest Veracode scan, it returned several flaws regarding untrusted initialization.
Instances shown below are reported to allow external control of system settings or variables, which subsequently may lead to unexpected behavior in the application that may disrupt services.
Reproduction guidelines are also provided in the report, noting that the application should be compartmentalized, along with trust boundaries determination. Please refer to the attached documents for detailed information.
EF6_Issue_20220712.pdf
This issue has been closed because EF6 is no longer being actively developed. We are instead focusing on stability of the codebase, which means we will only make changes to address security issues. See the repo README for more information.