AjaxNetProfessional

NuGet3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting AjaxNetProfessionalpage 1 of 1

CVE-2021-23758HIGHCVSS 8.1EG 9.0✓ Fixed in 21.11.29.1
2021-12-03
vulnerable: 21.10.30, 21.11.22, 21.11.29
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
CVE-2021-43853HIGHCVSS 8.7EG 8.7✓ Fixed in 21.12.22.1
2021-12-22
vulnerable: 21.10.30, 21.11.22, 21.11.29, 21.12.21.1, 21.12.8.1
Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious us…
CVE-2023-49289MEDIUMCVSS 6.3EG 6.3✓ Fixed in 21.12.22.1
2023-12-05
vulnerable: 21.10.30, 21.11.22, 21.11.29, 21.12.21.1, 21.12.8.1
Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package are vulnerable cross …

Check whether AjaxNetProfessional is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for AjaxNetProfessional CVEs against the assets you own.

Start Free Scan →