{"url":"http://public2.vulnerablecode.io/api/packages/65716?format=json","purl":"pkg:nuget/System.Linq.Dynamic.Core@1.0.7.10","type":"nuget","namespace":"","name":"System.Linq.Dynamic.Core","version":"1.0.7.10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45470?format=json","vulnerability_id":"VCID-qxk8-r75e-uyg1","summary":"Incorrect Comparison\nDynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.","references":[{"reference_url":"https://github.com/zzzprojects/System.Linq.Dynamic.Core","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/zzzprojects/System.Linq.Dynamic.Core"},{"reference_url":"https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/","reference_id":"","reference_type":"","scores":[],"url":"https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32571","reference_id":"CVE-2023-32571","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32571"}],"fixed_packages":[],"aliases":["CVE-2023-32571"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxk8-r75e-uyg1"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/System.Linq.Dynamic.Core@1.0.7.10"}