CVE-2022-21167

Опубликовано: 01 мая 2022

Источник: nvd

CVSS3: 7.5

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

Ссылки

https://github.com/ldqk/Masuit.Tools/blob/327f42b9f20f25bb66188672199c8265fc968d91/Masuit.Tools.Abstractions/Net/SocketClient.cs%23L197
Broken Link
https://snyk.io/vuln/SNYK-DOTNET-MASUITTOOLSCORE-2316875
Third Party Advisory
https://github.com/ldqk/Masuit.Tools/blob/327f42b9f20f25bb66188672199c8265fc968d91/Masuit.Tools.Abstractions/Net/SocketClient.cs%23L197
Broken Link
https://snyk.io/vuln/SNYK-DOTNET-MASUITTOOLSCORE-2316875
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ldqk:masuit.tools:*:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00906

Низкий

7.5 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-vh38-ghx6-vmvg

CVSS3: 7.5

github

почти 4 года назад

Code Injection in Masuit.Tools.Core

EPSS

Процентиль: 75%

0.00906

Низкий

7.5 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo