CVE-2024-51417
EPSS 0.16%Property reflection in System.Linq.Dynamic.Core
Published: 1/21/2025Modified: 1/27/2025
Description
An issue in System.Linq.Dynamic.Core versions before v.1.6.0 allow remote access to properties on reflection types and static properties/fields.
Affected packages (1)
- NuGet/System.Linq.Dynamic.Corefrom 0, < 1.6.0
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-51417
- PATCHhttps://github.com/zzzprojects/System.Linq.Dynamic.Core
- WEBhttps://dynamic-linq.net/expression-language#operators
- WEBhttps://github.com/zzzprojects/System.Linq.Dynamic.Core/commit/49b6cf0909cf3571e0d3580317675408300dbdac
- WEBhttps://github.com/zzzprojects/System.Linq.Dynamic.Core/issues/867
- WEBhttps://zzzprojects.com