GHSA-9xhh-3m78-gvgj

Source

https://github.com/advisories/GHSA-9xhh-3m78-gvgj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-9xhh-3m78-gvgj/GHSA-9xhh-3m78-gvgj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9xhh-3m78-gvgj

Aliases

CVE-2024-28698

Published

2024-07-22T18:31:48Z

Modified

2024-08-15T12:49:36.261933Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

CLSA Directory Traversal vulnerability

Details

Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component.

Fixes for this issue have been backported to the 5.x, 6.x, and 7.x branches of CSLA. CSLA version 5.5.4 contains a fix. As of time of publication, 6.x and 7.x do not have numbered versions containing the fix but do have fix commits available.

Database specific

{
    "nvd_published_at": "2024-07-22T18:15:03Z",
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-02T16:02:37Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "CRITICAL"
}

References

Affected packages

NuGet / Csla

Package

Name: Csla; View open source insights on deps.dev
Purl: pkg:nuget/Csla

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.5.4

Affected versions

5.*

5.0.0-R19052204

5.0.0-R19080501

5.0.0-R19082107

5.0.0-R19082803

5.0.0-R19090201

5.0.0-R19091001

5.0.0-R19091005

5.0.0-R19091601

5.0.0-R19091701

5.0.0

5.0.1

5.1.0-R19101002

5.1.0-R19110101

5.1.0-R19110701

5.1.0-R19122302

5.1.0-R20011901

5.1.0-R20012001

5.1.0-R20012201

5.1.0-R20020503

5.1.0-R20020701

5.1.0

5.2.0-R20040904

5.2.0-R20042401

5.2.0-R20042901

5.2.0-R20050802

5.2.0

5.3.0-R20062901

5.3.0

5.3.1-R20082601

5.3.1

5.3.2

5.4.0-R20111002

5.4.0-R20111202

5.4.0-R20113004

5.4.0

5.4.1-R21011901

5.4.1

5.4.2-R21040501

5.4.2

5.5.0-R21070101

5.5.0-R21071901

5.5.0

5.5.1-R21080301

5.5.1-R21082202

5.5.1

5.5.2-R21101501

5.5.2

5.5.3

NuGet / Csla

Package

Name: Csla; View open source insights on deps.dev
Purl: pkg:nuget/Csla

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

8.0.0

Affected versions

6.*

6.0.0

6.1.0-R22070602

6.1.0

6.2.0

6.2.1

6.2.2

7.*

7.0.0-R23042102

7.0.0-R23042601

7.0.0-R23052201

7.0.0

7.0.1

7.0.2

7.0.3-R23113004

7.0.3

7.0.4

7.0.5

8.*

8.0.0-R23122103

8.0.0-R24010305

8.0.0-R24012202

8.0.0-R24021201

8.0.0-R24031201

8.0.0-R24031302

8.0.0-R24032503

Database specific

last_known_affected_version_range

"<= 6.2.2"

NuGet / Csla

Package

Name: Csla; View open source insights on deps.dev
Purl: pkg:nuget/Csla

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

8.0.0

Affected versions

7.*

7.0.0

7.0.1

7.0.2

7.0.3-R23113004

7.0.3

7.0.4

7.0.5

8.*

8.0.0-R23122103

8.0.0-R24010305

8.0.0-R24012202

8.0.0-R24021201

8.0.0-R24031201

8.0.0-R24031302

8.0.0-R24032503

Database specific

last_known_affected_version_range

"<= 7.0.5"