Vulnerability Details CVE-2023-32571
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.605
EPSS Ranking 98.2%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/zzzprojects/System.Linq.Dynamic.Core
- https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/
- https://github.com/zzzprojects/System.Linq.Dynamic.Core
- https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/
Products affected by CVE-2023-32571
-
cpe:2.3:a:dynamic-linq:linq:*