GHSA-cmwp-442x-3rcv: Piranha CMS Cross-site Scripting vulnerability

GHSA-mmx8-vrfg-hfmq: Piranha CMS Cross-site Scripting vulnerability

GHSA-cvv5-9h9w-qp2m: Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)

GHSA-995c-qww8-64fj: Oqtane Framework Incorrect Access Control vulnerability

GHSA-27hp-xhwr-wr2m: Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

All versions of package Masuit.Tools.Core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.

**Code Injection in Masuit.Tools.Core**

High severity GitHub Reviewed Published May 3, 2022 • Updated May 23, 2022

Headline

GHSA-vh38-ghx6-vmvg: Code Injection in Masuit.Tools.Core

ghsa: Latest News