# Vulnerability Information

## Vulnerability Name

Deserialization of Untrusted Data

## Affected Scope

- **Affected Package**: singooocms.utility
- **Affected Versions**: [0, ]

## Vulnerability Details

- **CVE ID**: CVE-2022-0749
- **CWE ID**: CWE-502
- **First Added**: Snyk
- **Severity**: 7.4 (High)

### Overview

SinGooCMS.Utility is a collection of utilities including configuration, file, date, data, serialization, reflection, image processing, networking, caching, web-related, encryption/decryption, compression, and class extension tools, covering almost all development requirements! Supports netstandard2.1 and .NET Framework 4.6.1.

Affected versions of this package are vulnerable to deserialization of untrusted data. Because deserialization is performed without proper restrictions or type binding, attackers can exploit it.

### Remediation Advice

No fixed versions are available for affected versions.

### Vulnerability Details

Deserialization of Untrusted Data (CWE-502) occurs when an application deserializes untrusted data without sufficiently validating it, allowing attackers to control state or execution flow.

### Reference Links

- [GitHub Issue](#)
- [Vulnerable Code](#)

## CVSS Base Scores

### Snyk

- **Attack Vector (AV)**: Network
- **Attack Complexity (AC)**: High
- **Privileges Required (PR)**: None
- **User Interaction (UI)**: None
- **Scope (S)**: Unchanged
- **Confidentiality (C)**: None
- **Integrity (I)**: High
- **Availability (A)**: High

### NVD

9.8 (Critical)

## Additional Information

- **Snyk ID**: SNYK-DOTNET-SINGOOCMSUTILITY-2312979
- **Published Date**: February 28, 2022
- **Disclosure Date**: December 8, 2021
- **Reporter**: Keyang Yin, zpbrent(zhou), peng@shu