Incorrect Comparison

CVE-2023-32571

High

9.8/10

Summary

Dynamic Linq versions prior to 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including "Where", "Select", "OrderBy" is parsed.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-697 - Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

Advisory
Disclosure
Pull request
Release Note

Advisory Timeline

Published Jun 22, 2023

Incorrect Comparison

CVE-2023-32571

Summary

CWE-697 - Incorrect Comparison

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS