Question about security #660

ItSkary · 2023-01-11T10:31:14Z

I have discovered that original System.Linq.Dynamic arround 2016 incorporate a security issue :
https://insinuator.net/2016/10/linq-injection-from-attacking-filters-to-code-execution/

Because i don't know how this product work, i would ask if such problem may affect also this tool, and if the answer is yes, which conter measure/mitigation may be adopted to prevent the issue.

Thanks for clarification.

JonathanMagnan · 2023-02-10T15:21:50Z

Hello @ItSkary ,

Sorry for the delay, and thank you for reporting this.

We are currently working on this issue and hope to release a new version shortly with a fix.

Best Regards,

Jon

StefH · 2023-03-03T18:35:09Z

#669

StefH · 2023-03-03T18:35:39Z

Hello @ItSkary, a new version 1.3.0 will have this fix and will be released shorty.

ItSkary · 2023-03-15T08:42:02Z

Thanks a lot, i will update the package in my project ASAP

StefH self-assigned this Feb 7, 2023

StefH added bug security and removed bug labels Feb 7, 2023

StefH closed this as completed Mar 3, 2023

bpieslak mentioned this issue Jul 5, 2023

Add input validation to the "PagedAndSortedResultRequestDto" class to add input validation on the "Sorting" property aspnetboilerplate/aspnetboilerplate#6739

Closed

nev-21 mentioned this issue Jul 24, 2023

Outdated library: System.Linq.Dynamic.Core abpframework/abp#17175

Closed

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Question about security #660

Question about security #660

ItSkary commented Jan 11, 2023

JonathanMagnan commented Feb 10, 2023

StefH commented Mar 3, 2023

StefH commented Mar 3, 2023

ItSkary commented Mar 15, 2023

Question about security #660

Question about security #660

Comments

ItSkary commented Jan 11, 2023

JonathanMagnan commented Feb 10, 2023

StefH commented Mar 3, 2023

StefH commented Mar 3, 2023

ItSkary commented Mar 15, 2023