CVE-2022-0749

Опубликовано: 17 мар. 2022

Источник: nvd

CVSS3: 7.4

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

Ссылки

https://github.com/SinGooCMS/SinGooCMSUtility/blob/master/SinGooCMS.Utility/Net/SocketClient.cs
Exploit
Third Party Advisory
https://github.com/SinGooCMS/SinGooCMSUtility/issues/1
Exploit
Issue Tracking
Third Party Advisory
https://snyk.io/vuln/SNYK-DOTNET-SINGOOCMSUTILITY-2312979
Exploit
Issue Tracking
Third Party Advisory
https://github.com/SinGooCMS/SinGooCMSUtility/blob/master/SinGooCMS.Utility/Net/SocketClient.cs
Exploit
Third Party Advisory
https://github.com/SinGooCMS/SinGooCMSUtility/issues/1
Exploit
Issue Tracking
Third Party Advisory
https://snyk.io/vuln/SNYK-DOTNET-SINGOOCMSUTILITY-2312979
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:singoo:singoocms.utility:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00474

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-29rv-fqx2-4c9f

CVSS3: 9.8

github

больше 3 лет назад

Deserialization of Untrusted Data in SinGooCMS.Utility

EPSS

Процентиль: 64%

0.00474

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502