Description
Duplicate Advisory: Remote Code Execution in AjaxNetProfessional
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-6r7c-6w96-8pvw. This link is maintained to preserve external references.
Original Description
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
References
- https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw
- https://nvd.nist.gov/vuln/detail/CVE-2021-23758
- https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57
- https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971
- http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html
Packages
Name: AjaxNetProfessional (nuget)
Affected versions: <= 21.11.29
Fixed version: 21.11.29.1
CVSS3: 9.8 Critical
Weaknesses: CWE-502