|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-12-21 | |
| Rule Name: | Ajax.NET Professional Deserialize Remote Code Execution Vulnerability (CVE-2021-23758) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57 https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971 |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57 |