Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03NHI2LWdyajktOHJxNs0ZEw
Remote Code Execution in AjaxNetProfessional
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
Permalink: https://github.com/advisories/GHSA-74r6-grj9-8rq6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NHI2LWdyajktOHJxNs0ZEw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: 5 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-74r6-grj9-8rq6, CVE-2021-23758
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-23758
- https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57
- https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971
- https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw
- http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html
- https://github.com/advisories/GHSA-74r6-grj9-8rq6
Blast Radius: 1.0
Affected Packages
nuget:AjaxNetProfessional
Dependent packages: 0
Dependent repositories: 0
Downloads: 12,774 total
Affected Version Ranges: <= 21.11.29
Fixed in: 21.11.29.1
All affected versions: 21.10.30, 21.11.22, 21.11.29
All unaffected versions: