CVE-2023-32571 – system.linq.dynamic.core

Package

Manager: nuget
Name: system.linq.dynamic.core
Vulnerable Version: >=1.0.7.10 <1.3.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.6047 pctl0.98231

Details

Dynamic Linq vulnerable to remote code execution Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.

Metadata

Created: 2023-06-22T21:30:49Z
Modified: 2023-07-03T21:34:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-w65q-jcmv-28gj/GHSA-w65q-jcmv-28gj.json
CWE IDs: ["CWE-697"]
Alternative ID: GHSA-w65q-jcmv-28gj
Finding: F184
Auto approve: 1