Your data. Anywhere you go.

New Relic for iOS or Android


Download on the App Store    Android App on Google play


New Relic Insights App for iOS


Download on the App Store


Learn more

Close icon

Security Update: NR19-05 for .NET Agent


#1

When manually constructing SQL queries that execute stored procedures with parameters, a missing space before the first value may cause the agent to incorrectly identify the metric name. This may result in sensitive data being included in metric names.

NR19-05

Mitigating factors

  • This vulnerability only affects applications that manually assemble SQL queries with parameters, without using parameterized queries. It’s recommended that applications use parameterized queries to help avoid introducing SQL injection vulnerabilities.