LOW: 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Default status: unaffected
Any version before 21.2.12: affected
22 (custom) before 22.1.7: affected
22.1.8 (custom) before 22.1.9: affected
22.2 (custom) before 22.2.3: affected
22.2.4 (custom) before 22.2.6: affected
23 (custom) before 23.1.3: affected
Description
DevExpress before 23.1.3 allows a bypass of its data-source protection mechanism during deserialization of XML data.
Problem types
CWE-502 Deserialization of Untrusted Data
References
supportcenter.devexpress.com/...ory-updated-on-april-27-2023
supportcenter.devexpress.com/...d-during-xml-deserialization
code-white.com/public-vulnerability-list/
supportcenter.devexpress.com/...s-during-xml-deserialization