Deserialization of Untrusted Data in SinGooCMS.Utility

GHSA-29rv-fqx2-4c9f · CVE-2022-0749

Published Mar 18, 2022 · Modified Nov 8, 2023

Description

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-0749
WEB https://github.com/SinGooCMS/SinGooCMSUtility/issues/1
WEB https://github.com/SinGooCMS/SinGooCMSUtility/blob/master/SinGooCMS.Utility/Net/SocketClient.cs
WEB https://snyk.io/vuln/SNYK-DOTNET-SINGOOCMSUTILITY-2312979

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes