CVE-2021-23758
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
1.0
Description
Duplicate Advisory: Remote Code Execution in AjaxNetProfessional
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Metasploit modules
Source code queued for fetch โ refresh in a moment.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| NuGet | AjaxNetProfessional | <21.11.29.1 | 21.11.29.1 |
References
- https://github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw
- https://nvd.nist.gov/vuln/detail/CVE-2021-23758
- https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57
- https://github.com/michaelschwarz/Ajax.NET-Professional
- https://security.snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971
- http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html
- https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.