GHSA-29rv-fqx2-4c9f

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-29rv-fqx2-4c9f/GHSA-29rv-fqx2-4c9f.json

Aliases

CVE-2022-0749

Published

2022-03-18T00:01:10Z

Modified

2023-03-15T05:47:24.537355Z

Details

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-0749
https://github.com/SinGooCMS/SinGooCMSUtility/issues/1
https://github.com/SinGooCMS/SinGooCMSUtility/blob/master/SinGooCMS.Utility/Net/SocketClient.cs
https://snyk.io/vuln/SNYK-DOTNET-SINGOOCMSUTILITY-2312979

Affected packages

NuGet / SinGooCMS.Utility

SinGooCMS.Utility

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Affected versions

1.*

1.0.0

1.2.0

1.3.0

1.3.1

1.3.2

1.5.0

1.5.1

1.5.2

1.6.0

1.6.1

1.6.2

Database specific

{
    "last_known_affected_version_range": "<= 1.6.2"
}