GHSA-vh38-ghx6-vmvg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vh38-ghx6-vmvg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vh38-ghx6-vmvg/GHSA-vh38-ghx6-vmvg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vh38-ghx6-vmvg
- Aliases
-
- CVE-2022-21167
- Published
- 2022-05-03T00:00:46Z
- Modified
- 2024-02-20T05:29:06.189451Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Code Injection in Masuit.Tools.Core
- Details
-
All versions of package Masuit.Tools.Core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.
- Database specific
{ "nvd_published_at": "2022-05-01T16:15:00Z", "github_reviewed_at": "2022-05-23T19:41:26Z", "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": true }- References
Affected packages
NuGet / Masuit.Tools.Core
Package
- Name
- Masuit.Tools.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/Masuit.Tools.Core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected2.4.8.6
Affected versions
1.*
1.0.0
1.7.7
1.7.9
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
1.8.9.1
1.9.0
1.9.1
1.9.1.1
1.9.1.2
1.9.1.3
1.9.1.4
1.9.2
1.9.3
1.9.3.1
1.9.3.2
1.9.3.3
1.9.4
1.9.4.1
1.9.5
1.9.5.1
1.9.5.2
1.9.5.3
1.9.5.4
1.9.6
1.9.7
1.9.7.1
1.9.7.2
1.9.7.3
1.9.7.4
1.9.8
1.9.9
1.9.10
1.9.11
2.*
2.0.0
2.0.1
2.1.0
2.1.1
2.1.1.1
2.1.2
2.1.2.1
2.1.3
2.1.3.1
2.1.4
2.1.4.1
2.1.4.2
2.1.4.3
2.1.5
2.1.5.1
2.1.5.2
2.1.6
2.1.6.1
2.2.0
2.2.1
2.2.2
2.2.2.1
2.2.2.2
2.2.3
2.2.3.1
2.2.3.2
2.2.3.3
2.2.3.4
2.2.3.5
2.2.4
2.2.4.1
2.2.4.2
2.2.4.3
2.2.4.4
2.2.4.5
2.2.4.6
2.2.5
2.2.5.1
2.2.6
2.2.6.1
2.2.6.2
2.2.6.3
2.2.6.4
2.2.7
2.2.7.1
2.2.7.2
2.2.7.3
2.2.7.4
2.2.7.5
2.2.7.6
2.2.8
2.2.8.1
2.2.8.2
2.2.8.3
2.2.8.4
2.2.8.5
2.2.8.6
2.2.8.7
2.2.8.8
2.2.8.9
2.2.9
2.2.9.1
2.2.9.2
2.2.9.3
2.2.9.4
2.2.9.5
2.2.9.6
2.3.0
2.3.1
2.3.1.1
2.3.1.3
2.3.1.4
2.3.1.5
2.3.1.6-preview
2.3.1.6
2.3.1.7
2.3.1.8
2.3.1.9
2.3.1.10
2.3.2
2.3.2.1
2.3.2.2
2.3.2.3
2.3.2.4
2.3.2.5
2.3.2.6
2.4.0
2.4.1
2.4.1.1
2.4.1.2
2.4.1.3
2.4.1.4
2.4.1.5
2.4.2
2.4.2.1
2.4.2.2
2.4.2.3
2.4.2.4
2.4.2.5
2.4.2.6
2.4.2.7
2.4.2.8
2.4.2.9
2.4.2.10
2.4.3
2.4.3.1
2.4.3.2
2.4.3.3
2.4.3.4
2.4.3.5
2.4.3.6
2.4.3.7
2.4.3.8
2.4.3.9
2.4.4
2.4.4.1
2.4.4.2
2.4.4.3
2.4.4.4
2.4.4.5
2.4.4.6
2.4.4.7
2.4.4.8
2.4.5.1
2.4.5.2
2.4.5.3
2.4.5.5
2.4.6
2.4.6.1
2.4.6.2
2.4.6.3
2.4.6.4
2.4.6.5
2.4.7
2.4.7.1
2.4.7.2
2.4.7.3
2.4.7.4
2.4.7.5
2.4.7.6
2.4.7.7
2.4.7.8
2.4.7.9
2.4.8
2.4.8.1
2.4.8.2
2.4.8.3
2.4.8.4
2.4.8.5
2.4.8.6