All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html | |
https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57 | Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971 | Third Party Advisory |
Configurations
History
14 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-12-03 20:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-23758
Mitre link : CVE-2021-23758
CVE.ORG link : CVE-2021-23758
JSON object : View
Products Affected
ajaxpro.2_project
- ajaxpro.2
CWE
CWE-502
Deserialization of Untrusted Data