CVE-2023-32571

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-32571

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32571.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-32571

Aliases

GHSA-w65q-jcmv-28gj

Published

2023-06-22T20:15:09.640Z

Modified

2026-03-14T12:07:10.412524Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.

References

Affected packages

Git / github.com/zzzprojects/System.Linq.Dynamic.Core

Affected ranges

Type

GIT

Repo

https://github.com/zzzprojects/System.Linq.Dynamic.Core

Events

Introduced

83e245dbcb5b788fb714756ad4db5eaa6adc7b34

Last affected

f5676b0b4e7ed6a8c78bd2943e438cc0bbf91e14

Database specific

{
    "versions": [
        {
            "introduced": "1.0.7.10"
        },
        {
            "last_affected": "1.2.25"
        }
    ]
}

Affected versions

1.*

1.0.10.0

1.0.11.0

1.0.12.0

1.0.13.0

1.0.14.0

1.0.15.0

1.0.16.0

1.0.17.0

1.0.18.0

1.0.19.0

1.0.20.0

1.0.21.0

1.0.22.0

1.0.23.0

1.0.24.0

1.0.7.10

1.0.7.12

1.0.7.13

1.0.8.0

1.0.8.1

1.0.8.10

1.0.8.11

1.0.8.12

1.0.8.14

1.0.8.15

1.0.8.16

1.0.8.17

1.0.8.18

1.0.8.2

1.0.8.3

1.0.8.4

1.0.8.5

1.0.8.6

1.0.8.7

1.0.8.8

1.0.8.9

1.0.9.0

1.0.9.1

1.0.9.2

1.1.0.0

v1.*

v1.1.1

v1.1.2

v1.1.3

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.2.0

v1.2.1

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.14

v1.2.15

v1.2.16

v1.2.17

v1.2.18

v1.2.19

v1.2.2

v1.2.20

v1.2.21

v1.2.22

v1.2.23

v1.2.24

v1.2.25

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32571.json"