LOW: 3.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Default status: unaffected
Any version before 21.2.12: affected
22 (custom) before 22.1.7: affected
22.1.8 (custom) before 22.1.9: affected
22.2 (custom) before 22.2.3: affected
22.2.4 (custom) before 22.2.6: affected
23 (custom) before 23.1.3: affected
Description
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
Problem types
CWE-23 Relative Path Traversal
References
supportcenter.devexpress.com/...ory-updated-on-april-27-2023
supportcenter.devexpress.com/...fe-data-type-deserialization
code-white.com/public-vulnerability-list/
supportcenter.devexpress.com/...ary-typeconverter-conversion