Thank you Frédéric, this clearly explained the situation. On Tuesday, April 27, 2021 at 3:41:16 PM UTC+2 Frédéric Delaporte wrote:
> The main, redistributable library NHibernate.dll, has no dependencies on > SQLite. It is up to anyone targeting this database to include whatever > dependencies they require, and to ensure they have up-to-date ones. > > The NHibernate test project does depend on SQLite. But it is not meant to > be distributed and used by other software. It is only the test project for > running the NHibernate tests suite. It tends to target rather old database > providers. I do not think having our test project depending on vulnerable > database providers is an issue, as it does run on clean VM instantiated for > the sole purpose of running the tests. > > Le mardi 27 avril 2021 à 15:35:33 UTC+2, Zika development a écrit : > >> Hi everyone, >> I searched through the group but didn't find any suitable conversation to >> post my question, so I'm opening this one. In my company, we are >> considering using NH, and we run the security analysis prior to integrating >> it. >> The analysis also searched through the third-party libraries used by >> the NH, including the *SQLite.Interop.dll*. We discovered that >> *SQLite.Interop.dll* is using an old version of SQLite (v 3.22.0), which >> has multiple vulnerabilities reported (CVEs at the end of the message). >> Can you please tell me if you are aware of these vulnerabilities? >> Furthermore, did you run any analysis of their potential impact on the NH >> itself? >> Thank you in advance! >> >> CVE-2019-8457, CVE-2020-11656, CVE-2019-19646, CVE-2018-20506, >> CVE-2018-20346, CVE-2020-11655, CVE-2018-20505, CVE-2018-8740, >> CVE-2020-13630, CVE-2019-16168, CVE-2020-15358, CVE-2020-13632, >> CVE-2020-13631, CVE-2020-13435, CVE-2020-13434, CVE-2019-19645 >> > -- You received this message because you are subscribed to the Google Groups "nhusers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nhusers/c3695bb5-248f-438f-ba31-ab3d9bbbb453n%40googlegroups.com.
