12 matches found
EUVD-2023-0618
Malicious code in bioql PyPI...
CVE-2022-23535
LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...
Deserialization Of Untrusted Object
litedb is vulnerable to Deserialization Of Untrusted Objects. The vulnerability is caused by differing types in JSON documents: when a JSON document contains BsonDocument types, the library converts them to POCO. If an attacker can send a plain JSON string, they can inject and execute arbitrary...
CVE-2022-23535
LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...
Deserialization of untrusted data
LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...
CVE-2022-23535 LiteDB contains Deserialization of Untrusted Data
LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...
CVE-2022-23535 LiteDB contains Deserialization of Untrusted Data
LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...
CVE-2022-23535
CVE-2022-23535 — LiteDB is affected by a deserialization of untrusted data vulnerability in versions prior to 5.0.13. The issue stems from LiteDB’s BsonMapper deserializing JSON documents that include a special field _type with a full class name and assembly, which can load unsafe objects into th...
GHSA-3X49-G6RC-C284 LiteDB may deserialize bad JSON on object type using _type
Impact: LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When an instance of an object is not the same as the class, BsonMapper uses a special field type string info with full class name with assembly to be loaded and fit in your model. If your end-us...
LiteDB may deserialize bad JSON on object type using _type
Impact: LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When an instance of an object is not the same as the class, BsonMapper uses a special field type string info with full class name with assembly to be loaded and fit in your model. If your end-us...
LiteDB Code Issue Vulnerability
LiteDB is a .NET NoSQL document store in a single data file. A security vulnerability exists in LiteDB versions prior to 5.0.13 that stems from the use of a special field in a JSON document to convert to a different type from a POCO class, resulting in deserialization...
PT-2023-12727 · Litedb · Litedb
Name of the Vulnerable Software and Affected Versions: LiteDB versions prior to 5.0.13 Description: The issue concerns the deserialization of untrusted data in LiteDB, a .NET NoSQL embedded database. When instances of an object are not the same class, BsonMapper uses a special field type string...