Your data. Anywhere you go.

New Relic for iOS or Android

Download on the App Store    Android App on Google play

New Relic Insights App for iOS

Download on the App Store

Learn more

Close icon

Security Update: NR19-05 for .NET Agent


When manually constructing SQL queries that execute stored procedures with parameters, a missing space before the first value may cause the agent to incorrectly identify the metric name. This may result in sensitive data being included in metric names.


Mitigating factors

  • This vulnerability only affects applications that manually assemble SQL queries with parameters, without using parameterized queries. It’s recommended that applications use parameterized queries to help avoid introducing SQL injection vulnerabilities.