GHSA-vh38-ghx6-vmvg

Опубликовано: 03 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Code Injection in Masuit.Tools.Core

All versions of package Masuit.Tools.Core are vulnerable to Arbitrary Code Execution via the ReceiveVarData function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

Ссылки

Пакеты

Наименование

Masuit.Tools.Core

nuget

Затронутые версииВерсия исправления

<= 2.4.8.6

Отсутствует

EPSS

Процентиль: 75%

0.00906

Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-21167

Дефекты

CWE-94

Связанные уязвимости

CVE-2022-21167

CVSS3: 7.5

nvd

почти 4 года назад

All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

EPSS

Процентиль: 75%

0.00906

Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-21167

Дефекты

CWE-94