GHSA-V726-3VG9-CP34 Missing Authorization in FastReport

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...

Missing Authorization in FastReport

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...

Remote Code Execution (RCE)

FastReport.OpenSource is vulnerable to remote code execution RCE. An attacker can create a new expression or edit an existing one into, for example System.String.Join",", System.IO.Directory.GetDirectories@"c:/" as the library does not use ScriptSecurity feature and mishandle GetType, typeof,...

Design/Logic Flaw

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...

CVE-2020-27998

CVE-2020-27998 affects FastReport prior to 2020.4.0, where the missing ScriptSecurity feature can allow mishandling of scripting constructs such as GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress. This creates potential remote-execution/code-injection-like risks as noted in mu...

CVE-2020-27998

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...