Advisories for Nuget/LiteDB package

2023

LiteDB may deserialize bad JSON on object type using _type

LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of class, BsonMapper use a special field _type string info with full class name with assembly to be loaded and fit into …