Vulnerability Details CVE-2023-32571
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.778
EPSS Ranking 99.0%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/zzzprojects/System.Linq.Dynamic.Core
- https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/
- https://github.com/zzzprojects/System.Linq.Dynamic.Core
- https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/
Products affected by CVE-2023-32571
-
cpe:2.3:a:dynamic-linq:linq:*