Dynamic Linq vulnerable to remote code execution

GHSA-w65q-jcmv-28gj · CVE-2023-32571

Published Jun 22, 2023 · Modified Feb 21, 2024

Description

Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-32571
PACKAGE https://github.com/zzzprojects/System.Linq.Dynamic.Core
WEB https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes