AIKIDO-2025-10050
System.Linq.Dynamic.Core is vulnerable to System Information Disclosure
92
Critical Risk
This Affects:
System.Linq.Dynamic.CoreTL;DR
Affected versions of this package are affected by a property validation flaw caused by insufficient restrictions on types and members accessed through user-provided expressions. This vulnerability allows attackers to manipulate properties and static fields remotely using dynamic LINQ queries. By exploiting this flaw, attackers can bypass security measures, gain unauthorized access to sensitive information, and alter system configurations, potentially leading to critical data leakage and privilege escalation.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
System.Linq.Dynamic.Core is vulnerable to System Information Disclosure in versions 1.0.7 - 1.5.1.
How to fix this
Upgrade the System.Linq.Dynamic.Core library to the patch preview version and then upgrade it to a stable version when available.
Links
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant