Keyang Yin

**Name of the Vulnerable Software and Affected Versions** Masuit.Tools.Core versions all **Description** The issue concerns Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. This occurs because the socket client transmission lacks appropriate restrictions or type bindings for the BinaryFormatter, allowing a payload to be passed via user-controllable input after the connection is established. **Recommendations** For all versions, consider disabling the ReceiveVarData<T> function in the SocketClient.cs component as a temporary workaround until a patch is available. Restrict access to the SocketClient.cs component to minimize the risk of exploitation. Avoid using the BinaryFormatter without proper restrictions or type bindings in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SinGooCMS.Utility (affected versions not specified) **Description** The issue concerns the socket client in the SinGooCMS.Utility package, which lacks appropriate restrictions or type bindings for the BinaryFormatter. This allows user-controllable input to pass in the payload after the socket client has been established. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.