Property reflection in System.Linq.Dynamic.Core

Description

An issue in System.Linq.Dynamic.Core versions before v.1.6.0 allow remote access to properties on reflection types and static properties/fields.

Basic information

Type
reviewed
Severity
high
Advisory on GitHub
Open advisory ↗
Repository advisory
Source code
Browse source ↗
Published (advisory)
2025-01-21 21:30:53 UTC
Updated
2025-01-27 18:47:09 UTC
GitHub reviewed
2025-01-21 22:47:39 UTC
NVD published
2025-01-21

EPSS Score

Score Percentile
0.22% 44.53%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

Credits

  • larsk2009 (analyst)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
nuget System.Linq.Dynamic.Core < 1.6.0 1.6.0

References

cvelogic Threat Intelligence