CVE-2023-32571

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-32571
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32571.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-32571
Aliases
Published
2023-06-22T20:15:09.640Z
Modified
2026-04-11T12:45:15.880864Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.

References

Affected packages

Git / github.com/zzzprojects/System.Linq.Dynamic.Core

Affected ranges

Type
GIT
Repo
https://github.com/zzzprojects/System.Linq.Dynamic.Core
Events
Introduced
83e245dbcb5b788fb714756ad4db5eaa6adc7b34
Last affected
f5676b0b4e7ed6a8c78bd2943e438cc0bbf91e14
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "1.0.7.10"
        },
        {
            "last_affected": "1.2.25"
        }
    ],
    "cpe": "cpe:2.3:a:dynamic-linq:linq:*:*:*:*:*:*:*:*"
}

Affected versions

1.*
1.0.10.0
1.0.11.0
1.0.12.0
1.0.13.0
1.0.14.0
1.0.15.0
1.0.16.0
1.0.17.0
1.0.18.0
1.0.19.0
1.0.20.0
1.0.21.0
1.0.22.0
1.0.23.0
1.0.24.0
1.0.7.10
1.0.7.12
1.0.7.13
1.0.8.0
1.0.8.1
1.0.8.10
1.0.8.11
1.0.8.12
1.0.8.14
1.0.8.15
1.0.8.16
1.0.8.17
1.0.8.18
1.0.8.2
1.0.8.3
1.0.8.4
1.0.8.5
1.0.8.6
1.0.8.7
1.0.8.8
1.0.8.9
1.0.9.0
1.0.9.1
1.0.9.2
1.1.0.0
v1.*
v1.1.1
v1.1.2
v1.1.3
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.2.0
v1.2.1
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.14
v1.2.15
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.2
v1.2.20
v1.2.21
v1.2.22
v1.2.23
v1.2.24
v1.2.25
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32571.json"