CVE-2024-51417
MEDIUMSystem.Linq.Dynamic.Core < 1.6.0 - Unauthenticated Remote Property Access via Reflection
Title source: llmDescription
An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields.
References (3)
Core 3
Core References
Various Sources
https://dynamic-linq.net/expression-language#operators
Various Sources
https://zzzprojects.com/
Scores
CVSS v3
6.4
EPSS
0.0022
EPSS Percentile
44.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (1)
nuget/System.Linq.Dynamic.Core
0 - 1.6.0NuGet
Published
Jan 21, 2025
Tracked Since
Feb 18, 2026