GHSA-9xhh-3m78-gvgj

Source
https://github.com/advisories/GHSA-9xhh-3m78-gvgj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-9xhh-3m78-gvgj/GHSA-9xhh-3m78-gvgj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9xhh-3m78-gvgj
Aliases
Published
2024-07-22T18:31:48Z
Modified
2024-08-15T12:49:36.261933Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
CSLA Directory Traversal vulnerability
Details

Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component.

Fixes for this issue have been backported to the 5.x, 6.x, and 7.x branches of CSLA. CSLA version 5.5.4 contains a fix. As of the time of publication, 6.x and 7.x do not have numbered versions containing the fix, but fix commits are available for both branches.

Database specific
{
    "nvd_published_at": "2024-07-22T18:15:03Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-02T16:02:37Z"
}
References

Affected packages

NuGet / Csla

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.5.4

Affected versions

5.*

5.0.0-R19052204
5.0.0-R19080501
5.0.0-R19082107
5.0.0-R19082803
5.0.0-R19090201
5.0.0-R19091001
5.0.0-R19091005
5.0.0-R19091601
5.0.0-R19091701
5.0.0
5.0.1
5.1.0-R19101002
5.1.0-R19110101
5.1.0-R19110701
5.1.0-R19122302
5.1.0-R20011901
5.1.0-R20012001
5.1.0-R20012201
5.1.0-R20020503
5.1.0-R20020701
5.1.0
5.2.0-R20040904
5.2.0-R20042401
5.2.0-R20042901
5.2.0-R20050802
5.2.0
5.3.0-R20062901
5.3.0
5.3.1-R20082601
5.3.1
5.3.2
5.4.0-R20111002
5.4.0-R20111202
5.4.0-R20113004
5.4.0
5.4.1-R21011901
5.4.1
5.4.2-R21040501
5.4.2
5.5.0-R21070101
5.5.0-R21071901
5.5.0
5.5.1-R21080301
5.5.1-R21082202
5.5.1
5.5.2-R21101501
5.5.2
5.5.3

NuGet / Csla

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
8.0.0

Affected versions

6.*

6.0.0
6.1.0-R22070602
6.1.0
6.2.0
6.2.1
6.2.2

7.*

7.0.0-R23042102
7.0.0-R23042601
7.0.0-R23052201
7.0.0
7.0.1
7.0.2
7.0.3-R23113004
7.0.3
7.0.4
7.0.5

8.*

8.0.0-R23122103
8.0.0-R24010305
8.0.0-R24012202
8.0.0-R24021201
8.0.0-R24031201
8.0.0-R24031302
8.0.0-R24032503

Database specific

{
    "last_known_affected_version_range": "<= 6.2.2"
}

NuGet / Csla

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
8.0.0

Affected versions

7.*

7.0.0
7.0.1
7.0.2
7.0.3-R23113004
7.0.3
7.0.4
7.0.5

8.*

8.0.0-R23122103
8.0.0-R24010305
8.0.0-R24012202
8.0.0-R24021201
8.0.0-R24031201
8.0.0-R24031302
8.0.0-R24032503

Database specific

{
    "last_known_affected_version_range": "<= 7.0.5"
}