{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41880?format=json","vulnerability_id":"VCID-j7xu-5d7x-bkc3","summary":"Duplicate Advisory: Remote Code Execution in AjaxNetProfessional\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-6r7c-6w96-8pvw. This link is maintained to preserve external references.\n\n## Original Description\nAll versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.","aliases":[{"alias":"GHSA-74r6-grj9-8rq6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/548462?format=json","purl":"pkg:nuget/AjaxNetProfessional@21.12.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-crfs-6hzj-9qep"},{"vulnerability":"VCID-m5ca-yh6h-93ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/AjaxNetProfessional@21.12.8.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/546047?format=json","purl":"pkg:nuget/AjaxNetProfessional@21.10.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-crfs-6hzj-9qep"},{"vulnerability":"VCID-h3p2-m59z-gub3"},{"vulnerability":"VCID-j7xu-5d7x-bkc3"},{"vulnerability":"VCID-m5ca-yh6h-93ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/AjaxNetProfessional@21.10.30"},{"url":"http://public2.vulnerablecode.io/api/packages/546048?format=json","purl":"pkg:nuget/AjaxNetProfessional@21.11.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-crfs-6hzj-9qep"},{"vulnerability":"VCID-h3p2-m59z-gub3"},{"vulnerability":"VCID-j7xu-5d7x-bkc3"},{"vulnerability":"VCID-m5ca-yh6h-93ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/AjaxNetProfessional@21.11.22"},{"url":"http://public2.vulnerablecode.io/api/packages/511926?format=json","purl":"pkg:nuget/AjaxNetProfessional@21.11.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-crfs-6hzj-9qep"},{"vulnerability":"VCID-h3p2-m59z-gub3"},{"vulnerability":"VCID-j7xu-5d7x-bkc3"},{"vulnerability":"VCID-m5ca-yh6h-93ek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/AjaxNetProfessional@21.11.29"}],"references":[{"reference_url":"http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57"},{"reference_url":"https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23758","reference_id":"CVE-2021-23758","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23758"},{"reference_url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw","reference_id":"GHSA-6r7c-6w96-8pvw","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw"},{"reference_url":"https://github.com/advisories/GHSA-74r6-grj9-8rq6","reference_id":"GHSA-74r6-grj9-8rq6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-74r6-grj9-8rq6"}],"weaknesses":[{"cwe_id":502,"name":"Deserialization of Untrusted Data","description":"The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7xu-5d7x-bkc3"}