AIKIDO-2024-10438

Microsoft.Diagnostics.Tracing.TraceEvent is vulnerable to Deserialization of Untrusted Data

71

High

Microsoft.Diagnostics.Tracing.TraceEvent dotnet

AIKIDO-2024-10438: Microsoft.Diagnostics.Tracing.TraceEvent is vulnerable to Deserialization of Untrusted Data in versions 2.0.0 - 3.1.16.

Deserialization of Untrusted Data
Vuln in 2.0.0 - 3.1.16
Fixed in 3.1.17
No CVE available

TL;DR

Affected versions of this package are vulnerable to deserialization of untrusted data: they allow unknown data types to be deserialized. In the worst case, this vulnerability enables attackers to execute code remotely.

Who does this affect?

You're affected if you are using a version within the vulnerable range (2.0.0 - 3.1.16).

How can it be fixed?

Upgrade the Microsoft.Diagnostics.Tracing.TraceEvent library to the patched version (3.1.17).
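
One way to check a project file against the affected range, as an added example that is not part of the original advisory or of the TraceEvent project. The sample `.csproj` is constructed, and the names `classify` and `scan_csproj` are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "Microsoft.Diagnostics.Tracing.TraceEvent"
FIRST_AFFECTED, LAST_AFFECTED = (2, 0, 0), (3, 1, 16)  # range from this advisory

# Constructed sample project file, not taken from a real repository.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.Diagnostics.Tracing.TraceEvent" Version="3.1.9" />
    <PackageReference Include="microsoft.diagnostics.tracing.traceevent">
      <Version>3.1.17</Version>
    </PackageReference>
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""

def classify(version_text):
    """Return 'affected', 'not-affected', or 'unresolved' for one version string."""
    # Only plain numeric versions are compared; ranges, wildcards, MSBuild
    # properties, prereleases and missing versions need a manual look.
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?", (version_text or "").strip())
    if not m:
        return "unresolved"
    version = tuple(int(part or 0) for part in m.groups())
    return "affected" if FIRST_AFFECTED <= version <= LAST_AFFECTED else "not-affected"

def scan_csproj(xml_text):
    """Return [(version_text, status)] for each direct TraceEvent PackageReference."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Old-style project files carry an XML namespace; compare local names.
        if el.tag.split("}")[-1] != "PackageReference":
            continue
        name = el.get("Include") or el.get("Update") or ""
        if name.lower() != PACKAGE.lower():  # NuGet package IDs are case-insensitive
            continue
        version = el.get("Version")
        if version is None:  # version may be a child element, or absent entirely
            child = next((c for c in el if c.tag.split("}")[-1] == "Version"), None)
            version = (child.text or "") if child is not None else ""
        findings.append((version.strip(), classify(version)))
    return findings

if __name__ == "__main__":
    for version, status in scan_csproj(SAMPLE_CSPROJ):
        print(f"{PACKAGE} {version or '(no version in file)'}: {status}")
```

This inspects only direct references in a single project file; a copy pulled in transitively shows up only in the resolved dependency graph.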

© 2024 Aikido Security BV | BE0792914919