Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03NHI2LWdyajktOHJxNs0ZEw
Remote Code Execution in AjaxNetProfessional
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
Permalink: https://github.com/advisories/GHSA-74r6-grj9-8rq6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NHI2LWdyajktOHJxNs0ZEw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: 4 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-74r6-grj9-8rq6, CVE-2021-23758
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-23758
- https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57
- https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971
- https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw
- https://github.com/advisories/GHSA-74r6-grj9-8rq6
Affected Packages
nuget:AjaxNetProfessional
Versions: <= 21.11.29
Fixed in: 21.11.29.1