exploitDog

CVE-2023-35816

Опубликовано: 28 апр. 2025

Источник: nvd

CVSS3: 3.5

CVSS3: 5.3

EPSS Низкий

Описание

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.

Ссылки

https://code-white.com/public-vulnerability-list/
Vendor Advisory
https://supportcenter.devexpress.com/ticket/details/t1127422/insecure-arbitrary-typeconverter-conversion
Permissions Required
https://supportcenter.devexpress.com/ticket/details/t1159641/net-desktop-and-web-controls-unsafe-data-type-deserialization
Permissions Required
https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-advisory-updated-on-april-27-2023
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:devexpress:devexpress:*:*:*:*:*:*:*:*

Версия до 21.2.12 (исключая)

cpe:2.3:a:devexpress:devexpress:22.1.8:*:*:*:*:*:*:*

cpe:2.3:a:devexpress:devexpress:22.2.4:*:*:*:*:*:*:*

cpe:2.3:a:devexpress:devexpress:22.2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00087

Низкий

3.5 Low

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-23

CWE-704

Связанные уязвимости

GHSA-22wj-vp2m-rxhc

CVSS3: 3.5

github

6 месяцев назад

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.

EPSS

Процентиль: 26%

0.00087

Низкий

3.5 Low

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-23

CWE-704