{"data":{"id":"4f50f7bd-3ed8-47e2-944d-3c3f763419ee","title":"CVE-2022-23535: LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data.","summary":"LiteDB, a lightweight database library for .NET, has a vulnerability in versions before 5.0.13 where it can deserialize (convert data from a format like JSON back into usable objects) untrusted data. If an attacker sends specially crafted JSON to an application using LiteDB, the library may load unsafe objects because it honors a special `_type` field that tells it what class to create, potentially allowing malicious code execution.","solution":"Update LiteDB to version 5.0.13 or later. The source notes that this version includes basic fixes to prevent the issue, but that protection is not completely guaranteed when the `Object` type is used. A future major version will add an allow-list to control which assemblies (code libraries) can be loaded. For immediate protection, consult the vendor advisory for additional workarounds.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23535","publishedAt":"2023-02-24T23:15:10.663Z","cveId":"CVE-2022-23535","cweIds":["CWE-502","CWE-502"],"cvssScore":"7.3","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["LiteDB"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01166,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}