PT-2023-3376 · Unknown · Dynamic Linq
Published: 2023-06-13 · Updated: 2023-07-03 · CVE-2023-32571
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dynamic Linq versions 1.0.7.10 through 1.2.25
Description: The vulnerability is caused by an incomplete blacklist in the Dynamic Linq library: when untrusted input is parsed by methods including Where, Select, and OrderBy, an attacker can execute arbitrary code. A remote attacker can exploit this to execute arbitrary code and commands.
Recommendations: For Dynamic Linq versions 1.0.7.10 through 1.2.25, update to version 1.3.0 or later to resolve the issue. Until the update is applied, as a temporary workaround, restrict the use of the Where, Select, and OrderBy methods with untrusted input. Avoid using these methods with user-supplied data to minimize the risk of exploitation.
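As an added illustration (not code from the advisory or from the library itself), the C# below contrasts the risky pattern the advisory warns about, concatenating user-supplied text into a Dynamic Linq expression, with a hardened version that allowlists property names and passes values as parameters. It assumes the System.Linq.Dynamic.Core package API (string-based Where/OrderBy with @0 placeholders); the Order and OrderSearch types are constructed for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Linq.Dynamic.Core; // assumption: the package exposing string-based Where/OrderBy

public sealed class Order // constructed sample entity
{
    public int Id { get; set; }
    public string Customer { get; set; } = "";
    public decimal Total { get; set; }
}

public static class OrderSearch
{
    // Only these property names may appear in caller-controlled filter/sort expressions.
    private static readonly HashSet<string> AllowedFields =
        new HashSet<string>(StringComparer.Ordinal) { "Id", "Customer", "Total" };

    // Risky pattern: untrusted text becomes part of the expression the library parses.
    public static IQueryable<Order> FilterUnsafe(IQueryable<Order> orders, string field, string value)
        => orders.Where(field + " == \"" + value + "\"");

    // Hardened pattern: the field name is checked against the allowlist and the value is
    // bound as a parameter (@0), so user-supplied data never reaches the expression parser.
    public static IQueryable<Order> FilterSafe(IQueryable<Order> orders, string field, object value)
    {
        if (!AllowedFields.Contains(field))
            throw new ArgumentException($"Field '{field}' is not permitted in filters.", nameof(field));
        return orders.Where(field + " == @0", value);
    }

    // Same allowlist check for sort keys; only a fixed direction keyword is appended.
    public static IQueryable<Order> SortSafe(IQueryable<Order> orders, string field, bool descending)
    {
        if (!AllowedFields.Contains(field))
            throw new ArgumentException($"Field '{field}' is not permitted for sorting.", nameof(field));
        return orders.OrderBy(field + (descending ? " desc" : " asc"));
    }

    public static void Main()
    {
        // Constructed in-memory data so the example runs without a database.
        var orders = new List<Order>
        {
            new Order { Id = 1, Customer = "acme", Total = 120m },
            new Order { Id = 2, Customer = "acme", Total = 80m },
            new Order { Id = 3, Customer = "globex", Total = 200m },
        }.AsQueryable();

        var result = SortSafe(FilterSafe(orders, "Customer", "acme"), "Total", descending: true);
        foreach (var o in result) Console.WriteLine($"{o.Id} {o.Customer} {o.Total}");
    }
}
```

The same allowlist check applies to any field names a caller supplies to Select; the point is that only names from a fixed set, never raw user text, reach the expression parser.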

Weakness Enumeration

Incomplete List of Disallowed Inputs

Related Identifiers

BDU:2023-03535
CVE-2023-32571
GHSA-W65Q-JCMV-28GJ

Affected Products

Dynamic Linq