CVE-2020-1469 – bond.core.csharp
Package
Manager: nuget
Name: bond.core.csharp
Vulnerable Version: >=3.0.0 <9.0.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.06026 (percentile: 0.90356)
Details
Infinite loop in .NET Bond. A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. The flaw is in the handling of large container lengths, which could cause an infinite loop when deserializing some payloads.
Metadata
Created: 2022-04-08T18:11:51Z
Modified: 2022-04-08T18:11:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-rqrc-8q8f-cp9c/GHSA-rqrc-8q8f-cp9c.json
CWE IDs: ["CWE-434", "CWE-835"]
Alternative ID: GHSA-rqrc-8q8f-cp9c
Finding: F027
Auto approve: 1