@tree-chtsec
Created June 27, 2021 12:36
> [Suggested description]
> In DevExpress.XtraReports.UI, `XtraReport.FromFile` deserializes report layout files insecurely by default: safe deserialization is only applied if the application calls `DeserializationSettings.EnableSafeDeserialization();` manually, so a crafted layout file passed to `XtraReport.FromFile` can lead to code execution.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Insecure Deserialization
>
> ------------------------------------------
>
> [Vendor of Product]
> DevExpress
>
> ------------------------------------------
>
> [Affected Product Code Base]
> DevExpress.XtraReports.UI
>
> ------------------------------------------
>
> [Affected Component]
> https://docs.devexpress.com/XtraReports/10011/detailed-guide-to-devexpress-reporting/store-and-distribute-reports/store-report-layouts-and-documents/xml-serialization
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Reference]
> https://docs.devexpress.com/XtraReports/10011/detailed-guide-to-devexpress-reporting/store-and-distribute-reports/store-report-layouts-and-documents/xml-serialization
> https://supportcenter.devexpress.com/ticket/details/t708194/net-web-controls-unsafe-data-type-deserialization-updated-on-december-19-2019
>
> ------------------------------------------
>
> [Discoverer]
> CHT Security/Tree
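The following C# is an added example, not code from this gist or from DevExpress. It places the default call the advisory describes beside a hardened version that switches on safe deserialization before any layout is loaded and confines the file path to a directory the application owns. Assumptions: the `DeserializationSettings` type is taken to live in the `DevExpress.Utils` namespace (the advisory names only the method), and the layout directory, file names, `ReportLoader` class and `Main()` are made up for illustration.

```csharp
using System;
using System.IO;
using DevExpress.XtraReports.UI;

public static class ReportLoader
{
    // VULNERABLE (the advisory's finding): with DevExpress' default settings,
    // XtraReport.FromFile instantiates whatever types the layout XML names, so a
    // .repx supplied by an untrusted party reaches arbitrary-type deserialization.
    // loadEvents: true additionally compiles any scripts embedded in the layout.
    public static XtraReport LoadLayoutUnsafe(string path)
    {
        return XtraReport.FromFile(path, loadEvents: true);
    }

    private static readonly object initLock = new object();
    private static bool safeModeEnabled;

    // HARDENED, control 1: enable safe deserialization once, process-wide, before the
    // first layout is touched. This is the manual call the advisory says is required;
    // the DevExpress.Utils namespace is an assumption of this example.
    public static void EnableSafeMode()
    {
        lock (initLock)
        {
            if (safeModeEnabled) return;
            DevExpress.Utils.DeserializationSettings.EnableSafeDeserialization();
            safeModeEnabled = true;
        }
    }

    // HARDENED, control 2: never hand FromFile a path the client chose. The name is
    // resolved under a fixed root and rejected if it escapes it (traversal or an
    // absolute path), and embedded scripts are not compiled (loadEvents: false).
    public static XtraReport LoadLayoutSafe(string layoutRoot, string layoutName)
    {
        if (!safeModeEnabled)
            throw new InvalidOperationException("EnableSafeMode() must run before loading layouts");

        string root = Path.GetFullPath(layoutRoot).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, layoutName));
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("layout path escapes " + root);
        if (!string.Equals(Path.GetExtension(full), ".repx", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("only .repx layouts are accepted");

        return XtraReport.FromFile(full, loadEvents: false);
    }
}

public static class Program
{
    public static void Main()
    {
        // Call from Application_Start / Main, before any report is loaded.
        ReportLoader.EnableSafeMode();

        // Constructed hostile name: resolves to C:\evil.repx, outside the root,
        // and is rejected before FromFile ever sees it.
        try { ReportLoader.LoadLayoutSafe(@"C:\app\reports", @"..\..\evil.repx"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("rejected: " + e.Message); }

        // Assumed legitimate layout shipped with the application.
        XtraReport report = ReportLoader.LoadLayoutSafe(@"C:\app\reports", "invoice.repx");
        Console.WriteLine("loaded " + report.Name);
    }
}
```

The extension check is cosmetic; the two controls that matter are enabling safe deserialization before the first `FromFile` call and refusing to deserialize any file the client can write or point to. Which DevExpress versions expose the safe-mode call, and what it rejects, is not stated on this page; check the vendor ticket linked under [Reference] for the version you ship.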