CVE-2022-0749

More information about this CVE will likely be available in a few days.

Description

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

Related CPE's

Could not find any relations

References

https://github.com/SinGooCMS/SinGooCMSUtility/issues/1

https://github.com/SinGooCMS/SinGooCMSUtility/blob/master/SinGooCMS.Utility/Net/SocketClient.cs

https://snyk.io/vuln/SNYK-DOTNET-SINGOOCMSUTILITY-2312979

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io