Veracode Vulnerability Database: VERACODE:39476
Mar 01, 2023 - 10:14 a.m.

Deserialization Of Untrusted Object

sca.analysiscenter.veracode.com
litedb vulnerability
object deserialization
json
bsondocument
poco
bsonmapper
arbitrary code execution

EPSS: 0.003 (percentile 69.9%)

litedb is vulnerable to deserialization of untrusted objects. The vulnerability is caused by differing types in JSON documents: when a JSON document contains BsonDocument types, the library converts them to POCO. If an attacker can send a plain JSON string, they can inject and execute arbitrary code through the BsonMapper _type field.
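
An added example (not code from litedb or from Veracode) of a defence-in-depth gate that rejects client-supplied JSON carrying a _type field at any depth before the string is handed to the mapper. It assumes the application never needs _type in untrusted input; UntrustedJsonGate and the sample strings are constructed for illustration.

```csharp
using System;
using System.Text.Json;

public static class UntrustedJsonGate
{
    // Field name taken from the advisory text; compared after JSON unescaping.
    private const string TypeField = "_type";

    // True only when the input parses and no object at any depth has a "_type" property.
    public static bool IsSafe(string json)
    {
        try
        {
            using var doc = JsonDocument.Parse(json, new JsonDocumentOptions { MaxDepth = 32 });
            return !ContainsTypeField(doc.RootElement);
        }
        catch (JsonException)
        {
            return false; // malformed or too deeply nested: reject rather than guess
        }
    }

    private static bool ContainsTypeField(JsonElement element)
    {
        if (element.ValueKind == JsonValueKind.Object)
        {
            foreach (JsonProperty p in element.EnumerateObject())
            {
                // p.Name is the decoded name, so an escaped "\u005ftype" is caught,
                // which a plain substring search on the raw text would miss.
                if (p.Name == TypeField || ContainsTypeField(p.Value)) return true;
            }
        }
        else if (element.ValueKind == JsonValueKind.Array)
        {
            foreach (JsonElement item in element.EnumerateArray())
                if (ContainsTypeField(item)) return true;
        }
        return false;
    }

    public static void Main()
    {
        // Constructed inputs: plain data, a top-level _type, a nested escaped _type.
        string[] samples = {
            @"{""name"":""alice"",""tags"":[""a"",""b""]}",
            @"{""_type"":""Example.Placeholder, Example"",""name"":""x""}",
            @"{""items"":[{""\u005ftype"":""Example.Placeholder, Example""}]}"
        };
        foreach (string s in samples) Console.WriteLine($"{IsSafe(s),-5} {s}");
    }
}
```

Only the first sample is accepted. The gate parses with System.Text.Json, so input that litedb's own JSON reader would interpret differently is outside what it checks.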
