Deserialization of Untrusted Data
Description
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
All versions of the AjaxPro.2 .NET library are vulnerable to unauthenticated deserialization of untrusted data, enabling remote code execution.
Vulnerability
All versions of the ajaxpro.2 NuGet package are vulnerable to Deserialization of Untrusted Data (CWE-502). The AjaxPro.AjaxHandlerFactory deserializes user-supplied data from HTTP requests without validating which .NET types are instantiated, so an attacker can choose the classes that get deserialized [1][4]. This flaw is present in every version of the library, including the latest available release [4].
Exploitation
An attacker can exploit this vulnerability from an unauthenticated network position by sending a crafted HTTP POST request to an ASP.NET endpoint that uses the AjaxPro.AjaxHandlerFactory handler (mapped to *.ashx or configured in web.config) [3][4]. The request body contains serialized .NET objects that, upon deserialization, trigger the instantiation of classes chosen by the attacker, leading to code execution. No prior authentication or user interaction is required [1][4].
Impact
Successful exploitation results in full remote code execution (RCE) on the server under the identity of the ASP.NET worker process [1][4]. The attacker can then install programs, view, change, or delete data, or create new accounts with full user rights, effectively compromising the entire web application and potentially the underlying host [4].
Mitigation
As of the latest references, no official patched version of ajaxpro.2 has been released [4]. The vendor repository (Ajax.NET Professional) shows a commit that removes certain service files and updates the project, but no security fix for deserialization is included [2][3]. Because the library is no longer actively maintained, the only effective mitigation is to replace it with an alternative, secure AJAX library for ASP.NET [4].
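An added example (not part of the advisory or the AjaxPro project): a Python audit a defender can run over web.config files to find where the `AjaxPro.AjaxHandlerFactory` handler is mapped and how the `jsonDeserializationCustomTypes` filter from the commit listed under Patches is configured. The function names, finding codes and sample configs are constructed for illustration; the reading that a missing element leaves no allow list in force is taken from the diff shown on this page.

```python
import xml.etree.ElementTree as ET

HANDLER_TYPE = "ajaxpro.ajaxhandlerfactory"  # handler class named in the advisory text


def local(el):
    """Tag name without an XML namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]


def audit_web_config(xml_text):
    """Return (code, detail) findings for one web.config document."""
    root = ET.fromstring(xml_text)  # the parser drops commented-out config
    findings = []

    # Step 1: is the AjaxPro handler factory mapped (classic or integrated mode)?
    for el in root.iter():
        handler = el.get("type", "").strip().lower()
        if local(el) == "add" and handler.startswith(HANDLER_TYPE):
            findings.append(("handler", "verb=%s path=%s" % (el.get("verb"), el.get("path"))))
    if not findings:
        return findings  # AjaxPro is not exposed through this file

    # Step 2: how is the type filter added by the commit configured?
    node = next((el for el in root.iter()
                 if local(el) == "jsonDeserializationCustomTypes"), None)
    if node is None:
        findings.append(("no-type-filter", "element missing, no allow list configured"))
        return findings
    if (node.get("default") or "").lower() == "allow":
        findings.append(("deny-list-mode", 'default="allow" accepts every type not denied'))
        return findings

    # Deny by default: check the prefixes that re-open it.
    for child in node:
        if local(child) != "allow":
            continue
        prefix = child.text or ""
        if prefix == "":
            findings.append(("empty-allow", "an empty prefix matches every type name"))
        elif not prefix.endswith("."):
            findings.append(("loose-prefix", "%r lacks a trailing dot" % prefix))
    return findings


# Constructed sample inputs (not taken from any real deployment).
SAMPLE_UNFILTERED = """<configuration>
  <location path="ajaxpro"><system.web><httpHandlers>
    <add verb="*" path="*.ashx" type="AjaxPro.AjaxHandlerFactory,AjaxPro.2"/>
  </httpHandlers></system.web></location>
</configuration>"""

SAMPLE_FILTERED = """<configuration>
  <ajaxNet><ajaxSettings>
    <jsonDeserializationCustomTypes default="deny">
      <allow>MyOwnNamespace.</allow>
      <allow>Shop</allow>
    </jsonDeserializationCustomTypes>
  </ajaxSettings></ajaxNet>
  <system.webServer><handlers>
    <add name="ajaxpro" verb="*" path="*.ashx" type="AjaxPro.AjaxHandlerFactory,AjaxPro.2"/>
  </handlers></system.webServer>
</configuration>"""

if __name__ == "__main__":
    for name, text in (("unfiltered", SAMPLE_UNFILTERED), ("filtered", SAMPLE_FILTERED)):
        for code, detail in audit_web_config(text):
            print(name, code, detail)
```

The audit reads configuration only and cannot tell which AjaxPro build is deployed; a build older than the commit has no code path that reads the element at all.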
- [1] NVD - CVE-2021-23758
- [2] added allowed customized types · michaelschwarz/Ajax.NET-Professional@b0e63be
- [3] GitHub - michaelschwarz/Ajax.NET-Professional: Ajax.NET Professional (AjaxPro) is one of the first AJAX frameworks available for Microsoft ASP.NET and is working with many .NET frameworks starting with v1.1.
- [4] Snyk Vulnerability Database | Snyk
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| AjaxNetProfessional (NuGet) | < 21.11.29.1 | 21.11.29.1 |
Affected products
- ajaxpro.2/ajaxpro.2 (description)
Patches
b0e63be5f0bb: added allowed customized types
15 files changed · +94 −4623
AjaxPro/AjaxPro.csproj+1 −12 modified@@ -11,7 +11,7 @@ </ApplicationIcon> <AssemblyKeyContainerName> </AssemblyKeyContainerName> - <AssemblyName>AjaxPro</AssemblyName> + <AssemblyName>AjaxPro.2</AssemblyName> <AssemblyOriginatorKeyFile> </AssemblyOriginatorKeyFile> <DefaultClientScript>JScript</DefaultClientScript> @@ -249,10 +249,6 @@ <Compile Include="Security\EncryptTransformer.cs" /> <Compile Include="Security\WebDecrypter.cs" /> <Compile Include="Security\WebEncrypter.cs" /> - <Compile Include="Services\AuthenticationService.cs" /> - <Compile Include="Services\CartService.cs" /> - <Compile Include="Services\ChatService.cs" /> - <Compile Include="Services\ProfileService.cs" /> <Compile Include="Utilities\AjaxSettings.cs"> <SubType>Code</SubType> </Compile> @@ -277,18 +273,11 @@ <EmbeddedResource Include="core.js" /> </ItemGroup> <ItemGroup> - <None Include="build_1.1.bat" /> - <None Include="build_2.0.bat" /> <None Include="web.config" /> </ItemGroup> <ItemGroup> - <None Include="build.bat" /> - <None Include="build_json.bat" /> <EmbeddedResource Include="ms.js" /> </ItemGroup> - <ItemGroup> - <Content Include="jquery-1.3.1.js" /> - </ItemGroup> <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" /> <PropertyGroup> <PreBuildEvent>
AjaxPro/AjaxPro.sln+2 −2 modified@@ -1,7 +1,7 @@ Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio 15 -VisualStudioVersion = 15.0.28307.1705 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.31729.503 MinimumVisualStudioVersion = 10.0.40219.1 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AjaxPro", "AjaxPro.csproj", "{9AD42568-07A4-4D8B-9C6D-1FD54683EF4B}" EndProject
AjaxPro/Configuration/AjaxSettingsSectionHandler.cs+19 −0 modified@@ -34,6 +34,7 @@ * MS 07-04-24 added new settings (oldStyle == configuration) * added provider settings * added includeTypeProperty + * MS 21-10-27 added allowed customized types for JSON deserialization * * */ @@ -154,6 +155,24 @@ public object Create(object parent, object configContext, System.Xml.XmlNode sec if (n.SelectSingleNode("@enabled") != null && n.SelectSingleNode("@enabled").InnerText == "true") settings.DebugEnabled = true; } + else if (n.Name == "jsonDeserializationCustomTypes") + { + settings.IsJsonDeserializationCustomTypesDenied = n.Attributes["default"] == null || n.Attributes["default"].InnerText.ToLower() != "allow"; + + foreach (XmlNode sn in n.ChildNodes) + { + switch (sn.Name) + { + case "allow": + settings.JsonDeserializationCustomTypesAllowed.Add(sn.InnerText); + break; + + case "deny": + settings.JsonDeserializationCustomTypesDenied.Add(sn.InnerText); + break; + } + } + } else if (n.Name == "oldStyle" || n.Name == "configuration") { foreach (XmlNode sn in n.ChildNodes)
AjaxPro/core.js+1 −1 modified@@ -169,7 +169,7 @@ Object.extend(AjaxPro, { cryptProvider: null, queue: null, token: "", - version: "9.2.17.1", + version: "21.10.27.1", ID: "AjaxPro", noActiveX: false, timeoutPeriod: 15*1000,
AjaxPro/Handler/AjaxProcHelper.cs+29 −20 modified@@ -36,14 +36,17 @@ * MS 06-06-11 removed WebEvent because of SecurityPermissions not available in medium trust environments * MS 06-10-04 set UTF-8 encoding for XML documents * MS 07-04-24 fixed Ajax token + * MS 21-10-27 added allowed customized types for JSON deserialization + * * */ using System; using System.Reflection; using System.Web; using System.Web.Caching; using System.IO; -#if(NET20) +using System.Collections.Generic; +#if (NET20) using System.Web.Management; using System.Diagnostics; #endif @@ -115,25 +118,6 @@ internal void Run() object[] po = null; object res = null; - #region Retreive Parameters from the HTTP Request - - try - { - // The IAjaxProcessor will read the values either form the - // request URL or the request input stream. - - po = p.RetreiveParameters(); - } - catch(Exception ex) - { - p.SerializeObject(ex); - - if(p.Context.Trace.IsEnabled) p.Context.Trace.Write(Constant.AjaxID, "End ProcessRequest"); - return; - } - - #endregion - // Check if we have the same request already in our cache. The // cacheKey will be the type and a hashcode from the parameter values. @@ -151,6 +135,23 @@ internal void Run() return; } + #region Retreive Parameters from the HTTP Request + + try + { + // The IAjaxProcessor will read the values either form the + // request URL or the request input stream. + + po = p.RetreiveParameters(); + } + catch (Exception ex) + { + ReturnException(ex); + return; + } + + #endregion + #region Reflection part of Ajax.NET try @@ -326,5 +327,13 @@ internal void Run() winctx.Undo(); } } + + private void ReturnException(Exception ex) + { + p.SerializeObject(ex); + + if (p.Context.Trace.IsEnabled) p.Context.Trace.Write(Constant.AjaxID, "End ProcessRequest"); + return; + } } }
AjaxPro/jquery-1.3.1.js+0 −4241 removedAjaxPro/JSON/JavaScriptDeserializer.cs+22 −4 modified@@ -36,6 +36,7 @@ * MS 06-05-30 changed to new converter usage * MS 06-07-11 added generic method for DeserializeFromJson * MS 06-09-26 improved performance removing three-times cast + * MS 21-10-27 added allowed customized types for JSON deserialization * * */ @@ -212,11 +213,28 @@ public static object Deserialize(IJavaScriptObject o, Type type) /// <returns></returns> internal static object DeserializeCustomObject(JavaScriptObject o, Type type) { - object c = Activator.CreateInstance(type); + if (AjaxPro.Utility.Settings.IsJsonDeserializationCustomTypesDenied) + { + bool isCustomTypeAllowed = false; + + foreach (var s in AjaxPro.Utility.Settings.JsonDeserializationCustomTypesAllowed) + if (type.FullName.StartsWith(s, StringComparison.InvariantCultureIgnoreCase)) + { + isCustomTypeAllowed = true; + break; + } - // TODO: is this a security problem? - // if(o.GetType().GetCustomAttributes(typeof(AjaxClassAttribute), true).Length == 0) - // throw new System.Security.SecurityException("Could not create class '" + type.FullName + "' because of missing AjaxClass attribute."); + if (!isCustomTypeAllowed) + throw new System.Security.SecurityException("This cusomized type is not allowed as argument for this method."); + } + else + { + foreach (var s in AjaxPro.Utility.Settings.JsonDeserializationCustomTypesDenied) + if (type.FullName.StartsWith(s, StringComparison.InvariantCultureIgnoreCase)) + throw new System.Security.SecurityException("This cusomized type is not allowed as argument for this method."); + } + + object c = Activator.CreateInstance(type); MemberInfo[] members = type.GetMembers(BindingFlags.GetField | BindingFlags.GetProperty | BindingFlags.Public | BindingFlags.Instance); foreach (MemberInfo memberInfo in members)
AjaxPro/Services/AuthenticationService.cs+0 −89 removed@@ -1,89 +0,0 @@ -/* - * AuthenticationService.cs - * - * Copyright � 2007 Michael Schwarz (http://www.ajaxpro.info). - * All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. - * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR - * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF - * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - */ -/* - * MS 05-12-20 initial version - * MS 06-04-16 changed methods to static - * - * - * - * - */ -using System; -using System.Web.Security; - -namespace AjaxPro.Services -{ - [AjaxNamespace("AjaxPro.Services.Authentication")] - public class AuthenticationService - { - /// <summary> - /// Logins the specified username. 
- /// </summary> - /// <param name="username">The username.</param> - /// <param name="password">The password.</param> - /// <returns></returns> - [AjaxMethod] - public static bool Login(string username, string password) - { -#if(NET20) - if(Membership.Provider.ValidateUser(username, password)) -#else - if(FormsAuthentication.Authenticate(username, password)) -#endif - { - FormsAuthentication.SetAuthCookie(username, false); - return true; - } - - return false; - } - - /// <summary> - /// Logouts this instance. - /// </summary> - [AjaxMethod] - public static void Logout() - { - FormsAuthentication.SignOut(); - } - - /// <summary> - /// Validates the user. - /// </summary> - /// <param name="username">The username.</param> - /// <param name="password">The password.</param> - /// <returns></returns> - [AjaxMethod] - public static bool ValidateUser(string username, string password) - { -#if(NET20) - return Membership.Provider.ValidateUser(username, password); -#else - throw new NotImplementedException("ValidateUser is not yet implemented."); -#endif - } - } -}
AjaxPro/Services/CartService.cs+0 −61 removed@@ -1,61 +0,0 @@ -/* - * CartService.cs - * - * Copyright � 2007 Michael Schwarz (http://www.ajaxpro.info). - * All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. - * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR - * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF - * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - */ -#if(NET20) -/* - * MS 06-04-16 initial version - * - * - * - * - * - */ -using System; -using System.Text; - -namespace AjaxPro.Services -{ - [AjaxNamespace("AjaxPro.Services.Cart")] - public abstract class ICartService - { - /// <summary> - /// Adds the item. - /// </summary> - /// <param name="cartName">Name of the cart.</param> - /// <param name="item">The item.</param> - /// <returns></returns> - [AjaxMethod] - public abstract bool AddItem(string cartName, object item); - - /// <summary> - /// Gets the items. 
- /// </summary> - /// <param name="cartName">Name of the cart.</param> - /// <returns></returns> - [AjaxMethod] - public abstract object[] GetItems(string cartName); - } -} -#endif \ No newline at end of file
AjaxPro/Services/ChatService.cs+0 −71 removed@@ -1,71 +0,0 @@ -/* - * ChatService.cs - * - * Copyright � 2007 Michael Schwarz (http://www.ajaxpro.info). - * All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. - * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR - * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF - * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - */ -#if(NET20) -/* - * MS 06-04-16 initial version - * - * - * - * - * - */ -using System; -using System.Text; - -namespace AjaxPro.Services -{ - [AjaxNamespace("AjaxPro.Services.Chat")] - public abstract class IChatService - { - /// <summary> - /// Sends the message. - /// </summary> - /// <param name="room">The room.</param> - /// <param name="message">The message.</param> - /// <returns></returns> - [AjaxMethod] - public abstract bool SendMessage(string room, string message); - - /// <summary> - /// Retrieves the new. 
- /// </summary> - /// <param name="room">The room.</param> - /// <param name="lastRetreived">The last retreived.</param> - /// <returns></returns> - [AjaxMethod] - public abstract object[] RetrieveNew(string room, DateTime lastRetreived); - - /// <summary> - /// Retrieves the last. - /// </summary> - /// <param name="room">The room.</param> - /// <param name="count">The count.</param> - /// <returns></returns> - [AjaxMethod] - public abstract object[] RetrieveLast(string room, int count); - } -} -#endif \ No newline at end of file
AjaxPro/Services/ProfileService.cs+0 −91 removed@@ -1,91 +0,0 @@ -/* - * ProfileService.cs - * - * Copyright � 2007 Michael Schwarz (http://www.ajaxpro.info). - * All Rights Reserved. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, - * copy, modify, merge, publish, distribute, sublicense, and/or - * sell copies of the Software, and to permit persons to whom the - * Software is furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. - * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR - * ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF - * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - */ -#if(NET20) -/* - * MS 05-12-20 initial version - * MS 06-04-16 changed methods to static - * MS 06-04-25 changed GetProfile, added ProfileBaseConverter - * - * - * - */ -using System; -using System.Data; -using System.Collections; -using System.Configuration; -using System.Web; -using System.Web.Profile; - -namespace AjaxPro.Services -{ - [AjaxNamespace("AjaxPro.Services.Profile")] - public class ProfileService - { - /// <summary> - /// Gets the profile. - /// </summary> - /// <returns></returns> - [AjaxMethod] - public static ProfileBase GetProfile() - { - return HttpContext.Current.Profile; - } - - /// <summary> - /// Gets the profile property. 
- /// </summary> - /// <param name="property">The property.</param> - /// <returns></returns> - [AjaxMethod] - public static object GetProfileProperty(string property) - { - ProfileBase profile = HttpContext.Current.Profile; - if (profile == null) - { - return null; - } - return profile[property]; - } - - /// <summary> - /// Sets the profile. - /// </summary> - /// <param name="o">The o.</param> - /// <returns></returns> - [AjaxMethod] - public static bool SetProfile(JavaScriptObject o) - { - ProfileBase profile = HttpContext.Current.Profile; - foreach (string key in o.Keys) - { - profile[key] = JavaScriptDeserializer.Deserialize((IJavaScriptObject)o[key], profile[key].GetType()); - } - - return true; - } - } -} -#endif \ No newline at end of file
AjaxPro/Utilities/AjaxSettings.cs+9 −1 modified@@ -34,7 +34,7 @@ * added UseSimpleObjectNaming * using new AjaxSecurityProvider * fixed Ajax token - * + * MS 21-10-27 added allowed customized types for JSON deserialization */ using System; using System.Collections; @@ -127,6 +127,9 @@ internal AjaxSettings() SerializableConverters = new JavaScriptConverterList(); DeserializableConverters = new JavaScriptConverterList(); #endif + + JsonDeserializationCustomTypesAllowed = new List<string>(); + JsonDeserializationCustomTypesDenied = new List<string>(); } #region Public Properties @@ -244,6 +247,11 @@ internal System.Collections.Specialized.StringDictionary ScriptReplacements set{ m_ScriptReplacements = value; } } + public bool IsJsonDeserializationCustomTypesDenied { get; set; } + + public List<string> JsonDeserializationCustomTypesAllowed { get; set; } + public List<string> JsonDeserializationCustomTypesDenied { get; set; } + #endregion } #endif
AjaxPro/Utilities/Constant.cs+1 −1 modified@@ -52,6 +52,6 @@ public sealed class Constant /// <summary> /// The assembly version. /// </summary> - public const string AssemblyVersion = "21.10.26.1"; + public const string AssemblyVersion = "21.10.27.1"; } }
AjaxPro/web.config+9 −29 modified@@ -1,9 +1,7 @@ <?xml version="1.0"?> <configuration> - <configSections> <sectionGroup name="ajaxNet"> - <!-- If you are using Microsoft .NET 1.1 please remove the two attributes requirePermission and restartOnExternalChanges, they are only supported @@ -14,13 +12,10 @@ requirePermission="false" restartOnExternalChanges="true" /> - </sectionGroup> </configSections> - <ajaxNet> <ajaxSettings> - <urlNamespaceMappings useAssemblyQualifiedName="false" allowListOnly="false"> <!-- Set the attribute useAssemblyQualifiedName to true to enable @@ -33,8 +28,7 @@ <add type="Namespace.Class1,Assembly" path="mypath" /> --> </urlNamespaceMappings> - - <jsonConverters includeTypeProperty="true"> + <jsonConverters includeTypeProperty="false"> <!-- This section can be used to add new IJavaScriptConverters to the Ajax.NET Professional engine. If you want to disable built-in @@ -46,13 +40,14 @@ <add type="AjaxPro.BitmapConverter,AjaxPro.2" mimeType="image/jpeg" quality="100"/> --> </jsonConverters> - + <jsonDeserializationCustomTypes default="deny"> + <allow>MyOwnNamespace.</allow> + </jsonDeserializationCustomTypes> <!-- Set the enabled attribute to true to get Stack, TargetSize and Source information if an exception has been thrown. --> <debug enabled="false" /> - <!-- This is the default configuration used with Ajax.NET Professional. You can put there your static JavaScript files, or remove the path attribute 
@@ -64,16 +59,13 @@ <file name="converter" path="~/ajaxpro/converter.ashx" /> </scriptReplacements> --> - <!-- <encryption cryptType="" keyType="" /> --> - <!-- Set the enabled attribute to true to enable the use of an Ajax.NET Professional token. This will send a token to the client that will be used to identify if the requests comes from the same PC. --> <token enabled="false" sitePassword="password" /> - <!-- The oldStyle (or now configuration) section can be used to enable old styled JavaScript code or functions that are not used any more. Some of them cannot be used together. @@ -91,12 +83,9 @@ <useSimpleObjectNaming/> </configuration> --> - </ajaxSettings> </ajaxNet> - <!-- Common ASP.NET configuration --> - <appSettings/> <connectionStrings/> <system.web> @@ -110,27 +99,19 @@ --> </httpModules> </system.web> - <!-- Handler configuration for Ajax.NET Professional --> - <location path="ajaxpro"> <system.web> <httpHandlers> <add verb="*" path="*.ashx" type="AjaxPro.AjaxHandlerFactory,AjaxPro.2"/> </httpHandlers> - <!-- - If you need to have Ajax.NET Professional methods running on the - login page you may have to enable your own authorization configuration - here. - --> - <!-- - <authorization> - <deny users="?"/> - </authorization> - --> </system.web> + <system.webServer> + <handlers> + <add name="@ajaxpro" verb="*" path="*.ashx" type="AjaxPro.AjaxHandlerFactory,AjaxPro.2" /> + </handlers> + </system.webServer> </location> - <!-- If you are using the AjaxPro.BitmapConverter you have to use following location configuration to get a JPEG of the Bitmap. @@ -144,5 +125,4 @@ </system.web> </location> --> - </configuration> \ No newline at end of file
.gitignore+1 −0 modified@@ -6,3 +6,4 @@ /AjaxPro/.vs/AjaxPro /AjaxPro/bin /AjaxPro/obj +/DemoWebSite
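Review bot: In AjaxPro/JSON/JavaScriptDeserializer.cs, DeserializeCustomObject decides with `type.FullName.StartsWith(s, StringComparison.InvariantCultureIgnoreCase)`, a prefix test on the namespace-qualified name only: an allow entry written without a trailing dot (`MyOwnNamespace`) also admits `MyOwnNamespaceOther.Foo`, an empty entry admits every type, and the assembly is never checked. Suggest matching an exact full name or a namespace followed by a dot, comparing with StringComparison.Ordinal, and including the assembly in the comparison. `type.FullName` can be null (for example for generic type parameters), which would surface here as a NullReferenceException instead of a SecurityException. The exception text also has a typo, "cusomized".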
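Review bot: In AjaxPro/Utilities/AjaxSettings.cs, `IsJsonDeserializationCustomTypesDenied` is an auto-property with no initializer and the constructor only creates the two lists, so the flag stays false unless the section handler meets a `jsonDeserializationCustomTypes` element. A site that upgrades without editing web.config therefore runs the deny-list branch with an empty deny list, and DeserializeCustomObject accepts every type as before. Suggest setting the flag to true in the constructor so the filter is on by default, and making the setters of the two lists non-public so they cannot be replaced at run time.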
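Review bot: In AjaxPro/Configuration/AjaxSettingsSectionHandler.cs, the `allow` and `deny` cases add `sn.InnerText` to the lists unchanged, so an empty `<allow></allow>` becomes the prefix "" that matches every type name in the later StartsWith check, and an entry wrapped in whitespace or line breaks silently never matches. Suggest trimming each value and rejecting empty entries with a configuration error, and failing on unknown child element names instead of ignoring them.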
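Review bot: In AjaxPro/Handler/AjaxProcHelper.cs, Run() now performs the cache lookup before `po = p.RetreiveParameters()`, while the comment above that lookup still says the cache key is built from the type and a hashcode of the parameter values; `po` is still null at that point, so please confirm the lookup does not depend on it, or update the comment. A line explaining why the order changed would help future readers, and the trailing `return;` in ReturnException is redundant.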
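Review bot: In AjaxPro/web.config, the commented `<authorization>` / `<deny users="?"/>` guidance under `<location path="ajaxpro">` is removed without a replacement, which drops the sample's only hint that the handler can be restricted to authenticated users; suggest keeping it. The new `<allow>MyOwnNamespace.</allow>` sample needs a comment saying that entries are name prefixes and that the trailing dot is significant, and the change of `includeTypeProperty` from "true" to "false" alters the sample default and deserves a release note.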
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-6r7c-6w96-8pvw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-23758 (ghsa, ADVISORY)
- packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html (ghsa, WEB)
- github.com/michaelschwarz/Ajax.NET-Professional/commit/b0e63be5f0bb20dfce507cb8a1a9568f6e73de57 (ghsa, WEB)
- github.com/michaelschwarz/Ajax.NET-Professional/security/advisories/GHSA-6r7c-6w96-8pvw (ghsa, WEB)
- security.snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971 (ghsa, WEB)
- snyk.io/vuln/SNYK-DOTNET-AJAXPRO2-1925971 (mitre)