CVE-2017-9424

IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ideablade:breeze.server.net:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:36

Type Values Removed Values Added
References () http://breeze.github.io/doc-net/release-notes.html - Release Notes, Vendor Advisory () http://breeze.github.io/doc-net/release-notes.html - Release Notes, Vendor Advisory
References () https://www.blackhat.com/us-17/briefings.html#friday-the-13th-json-attacks - Technical Description () https://www.blackhat.com/us-17/briefings.html#friday-the-13th-json-attacks - Technical Description

Information

Published : 2017-06-22 16:29

Updated : 2024-11-21 03:36


NVD link : CVE-2017-9424

Mitre link : CVE-2017-9424

CVE.ORG link : CVE-2017-9424


JSON object : View

Products Affected

ideablade

  • breeze.server.net
CWE
CWE-502

Deserialization of Untrusted Data