Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/System.Linq.Dynamic.Core@1.2.25

Type nuget

Namespace

Name System.Linq.Dynamic.Core

Version 1.2.25

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-qxk8-r75e-uyg1

vulnerability_id VCID-qxk8-r75e-uyg1

summary

Incorrect Comparison
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.

references

reference_url	https://github.com/zzzprojects/System.Linq.Dynamic.Core
reference_id
reference_type
scores
url	https://github.com/zzzprojects/System.Linq.Dynamic.Core

reference_url	https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/
reference_id
reference_type
scores
url	https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-32571
reference_id	CVE-2023-32571
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-32571

fixed_packages

aliases CVE-2023-32571

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxk8-r75e-uyg1

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/System.Linq.Dynamic.Core@1.2.25

Package Instance