GHSA-29rv-fqx2-4c9f

Source

https://github.com/advisories/GHSA-29rv-fqx2-4c9f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-29rv-fqx2-4c9f/GHSA-29rv-fqx2-4c9f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-29rv-fqx2-4c9f

Aliases

CVE-2022-0749

Published

2022-03-18T00:01:10Z

Modified

2023-11-08T04:07:39.735075Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Deserialization of Untrusted Data in SinGooCMS.Utility

Details

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

Database specific

{
    "cwe_ids": [
        "CWE-502"
    ],
    "severity": "CRITICAL",
    "nvd_published_at": "2022-03-17T12:15:00Z",
    "github_reviewed_at": "2022-09-07T23:58:29Z",
    "github_reviewed": true
}

References

Affected packages

NuGet / SinGooCMS.Utility

Package

Name: SinGooCMS.Utility; View open source insights on deps.dev
Purl: pkg:nuget/SinGooCMS.Utility

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.6.2

Affected versions

1.*

1.0.0

1.2.0

1.3.0

1.3.1

1.3.2

1.5.0

1.5.1

1.5.2

1.6.0

1.6.1

1.6.2