CVE-2021-23758

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-23758

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23758.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-23758

Aliases

GHSA-74r6-grj9-8rq6
SNYK-DOTNET-AJAXPRO2-1925971

Published

2021-12-03T20:15:07Z

Modified

2024-05-14T22:04:41Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.

References

Affected packages

Git / github.com/michaelschwarz/ajax.net-professional

Affected ranges

Type: GIT
Repo: https://github.com/michaelschwarz/ajax.net-professional
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b0e63be5f0bb20dfce507cb8a1a9568f6e73de57