Arbitrary Code Execution Affecting masuit.tools.core package, versions [0,]


0.0
high

Snyk CVSS

    Attack Complexity High
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    EPSS 0.38% (73rd percentile)
Expand this section
NVD
9.8 critical

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DOTNET-MASUITTOOLSCORE-2316875
  • published 27 Feb 2022
  • disclosed 13 Dec 2021
  • credit Keyang Yin, zpbrent(zhou, peng@shu)

How to fix?

There is no fixed version for Masuit.Tools.Core.

Overview

Affected versions of this package are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

References