CVE-2023-32571: Incorrect Comparison

June 22, 2023 (updated July 3, 2023)

Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.

References

github.com/zzzprojects/System.Linq.Dynamic.Core
nvd.nist.gov/vuln/detail/CVE-2023-32571
research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/

Detect and mitigate CVE-2023-32571 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →