GHSA-29rv-fqx2-4c9f

Suggest an improvement
Source
https://github.com/advisories/GHSA-29rv-fqx2-4c9f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-29rv-fqx2-4c9f/GHSA-29rv-fqx2-4c9f.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-29rv-fqx2-4c9f
Aliases
  • CVE-2022-0749
Published
2022-03-18T00:01:10Z
Modified
2023-11-01T04:57:12.370621Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Deserialization of Untrusted Data in SinGooCMS.Utility
Details

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

Database specific
{
    "nvd_published_at": "2022-03-17T12:15:00Z",
    "github_reviewed_at": "2022-09-07T23:58:29Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-502"
    ]
}
References

Affected packages

NuGet / SinGooCMS.Utility

Package

Name
SinGooCMS.Utility
View open source insights on deps.dev
Purl
pkg:nuget/SinGooCMS.Utility

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.6.2

Affected versions

1.*

1.0.0
1.2.0
1.3.0
1.3.1
1.3.2
1.5.0
1.5.1
1.5.2
1.6.0
1.6.1
1.6.2