CVE-2021-23758

critical

Description

All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.

References

Advisories
More

https://snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971

https://github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57

http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2021-12-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.88768

Detections

Analytics