CVE-2023-32571 Information

Description

Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where Select OrderBy is parsed.

Reference

https://github.com/zzzprojects/System.Linq.Dynamic.Core https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/