Code Injection in Masuit.Tools.Core

GHSA-vh38-ghx6-vmvg · CVE-2022-21167

Published May 3, 2022 · Modified Mar 13, 2026

Description

All versions of package Masuit.Tools.Core are vulnerable to Arbitrary Code Execution via the ReceiveVarData function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-21167
WEB https://github.com/ldqk/Masuit.Tools
WEB https://github.com/ldqk/Masuit.Tools/blob/327f42b9f20f25bb66188672199c8265fc968d91/Masuit.Tools.Abstractions/Net/SocketClient.cs%23L197
WEB https://snyk.io/vuln/SNYK-DOTNET-MASUITTOOLSCORE-2316875

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes