CVE-2022-0749

Sažetak

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

Reference

https://github.com/SinGooCMS/SinGooCMSUtility/issues/1
https://github.com/SinGooCMS/SinGooCMSUtility/blob/master/SinGooCMS.Utility/Net/SocketClient.cs
https://snyk.io/vuln/SNYK-DOTNET-SINGOOCMSUTILITY-2312979

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

24-03-2022 - 02:19

Objavljeno

17-03-2022 - 12:15