CVE-2021-23758 – ajaxnetprofessional
Package
Manager: nuget
Name: ajaxnetprofessional
Vulnerable Version: >=0 <21.11.29.1
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.87776 (percentile 0.99437)
Details
Remote Code Execution in AjaxNetProfessional
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
Metadata
Created: 2021-12-16T15:27:55Z
Modified: 2021-12-06T22:06:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-74r6-grj9-8rq6/GHSA-74r6-grj9-8rq6.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-74r6-grj9-8rq6
Finding: F096
Auto approve: 1