GHSA-v726-3vg9-cp34

Source

https://github.com/advisories/GHSA-v726-3vg9-cp34

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-v726-3vg9-cp34/GHSA-v726-3vg9-cp34.json

Aliases

CVE-2020-27998

Published

2021-08-02T17:28:16Z

Modified

2023-11-08T04:03:22.735705Z

Details

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-27998
https://github.com/FastReports/FastReport/pull/206
https://github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0
https://opensource.fast-report.com/2020/09/report-script-security.html
https://securitylab.github.com/advisories/GHSL-2020-143-FastReportsInc-FastReports

Affected packages

NuGet / FastReport.OpenSource

Package

Name: FastReport.OpenSource

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2020.4.0

Affected versions

2018.*

2018.4.7

2018.4.9

2018.4.16

2019.*

2019.1.0

2019.1.20

2019.2.0

2019.3.0

2019.3.13

2019.3.19

2020.*

2020.1.20

2020.1.25

2020.1.28

2020.2.0

2020.2.9

2020.3.0

2020.3.1

2020.3.4

2020.3.10

2020.3.14

2020.3.17

2020.3.21

2020.3.22