.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Description
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A vulnerability in .NET DataSet/DataTable XML deserialization can lead to elevation of privilege when custom types are allowed.
Vulnerability Overview
CVE-2023-24936 is an elevation of privilege vulnerability in .NET, .NET Framework, and Visual Studio. The root cause lies in the deserialization of XML data into DataSet or DataTable objects. By default, these classes restrict the types they will instantiate to an allow-list, but when a developer or administrator extends that list with additional types, an attacker can craft XML that causes unauthorized actions during deserialization. [1][2]
Exploitation Conditions
Exploitation requires the application to use a custom allow-list for DataSet or DataTable deserialization; with the default configuration, the built-in protections prevent the vulnerability. The attacker must get a specially crafted XML payload to the vulnerable deserialization path, potentially over the network if the service processes untrusted data. The advisories do not name authentication as a prerequisite for the deserialization itself; the exposed attack surface depends on where the XML is deserialized. [1][2]
Impact
Successful exploitation results in elevation of privilege, allowing the attacker to perform operations beyond their intended permissions. The exact scope depends on the context of the application, but it could lead to arbitrary code execution or data access with elevated rights. [1][2]
Mitigation
The vulnerability affects .NET 7.0 versions prior to 7.0.5 and .NET 6.0 versions prior to 6.0.16. Patches are available in .NET 7.0.7 and .NET 6.0.18 respectively. Developers should update their .NET runtime and any affected packages (e.g., the Microsoft.NETCore.App.Runtime.* packages listed below) to the patched versions. As a workaround, keep the default allow-list and do not extend it with untrusted types. [1][2]
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| Microsoft.NETCore.App.Runtime.linux-arm | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.linux-arm64 | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.linux-musl-arm | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.linux-musl-arm64 | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.linux-musl-x64 | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.linux-x64 | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.osx-arm64 | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.osx-x64 | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.win-arm | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.win-arm64 | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.win-x64 | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.win-x86 | NuGet | >= 7.0.0, < 7.0.7 | 7.0.7 |
| Microsoft.NETCore.App.Runtime.linux-arm | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.linux-arm64 | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.linux-musl-arm | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.linux-musl-arm64 | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.linux-musl-x64 | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.linux-x64 | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.osx-arm64 | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.osx-x64 | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.win-arm | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.win-arm64 | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.win-x64 | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
| Microsoft.NETCore.App.Runtime.win-x86 | NuGet | >= 6.0.0, < 6.0.18 | 6.0.18 |
Affected products
OSV coordinates (35 package versions):

| Package (purl) | Affected range |
|---|---|
| pkg:bitnami/dotnet | >= 6.0.0, < 6.0.1 |
| pkg:bitnami/dotnet-sdk | >= 6.0.0, < 6.0.1 |
| pkg:nuget/microsoft.netcore.app.runtime.linux-arm | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.linux-arm64 | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.linux-musl-arm | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.linux-musl-arm64 | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.linux-musl-x64 | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.linux-x64 | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.osx-arm64 | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.osx-x64 | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.win-arm | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.win-arm64 | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.win-x64 | >= 7.0.0, < 7.0.7 |
| pkg:nuget/microsoft.netcore.app.runtime.win-x86 | >= 7.0.0, < 7.0.7 |
| pkg:rpm/almalinux/aspnetcore-runtime-6.0 | < 6.0.18-1.el9_2 |
| pkg:rpm/almalinux/aspnetcore-runtime-7.0 | < 7.0.7-1.el9_2 |
| pkg:rpm/almalinux/aspnetcore-targeting-pack-6.0 | < 6.0.18-1.el9_2 |
| pkg:rpm/almalinux/aspnetcore-targeting-pack-7.0 | < 7.0.7-1.el9_2 |
| pkg:rpm/almalinux/dotnet | < 7.0.107-1.el8_8 |
| pkg:rpm/almalinux/dotnet-apphost-pack-6.0 | < 6.0.18-1.el9_2 |
| pkg:rpm/almalinux/dotnet-apphost-pack-7.0 | < 7.0.7-1.el9_2 |
| pkg:rpm/almalinux/dotnet-host | < 7.0.7-1.el9_2 |
| pkg:rpm/almalinux/dotnet-hostfxr-6.0 | < 6.0.18-1.el9_2 |
| pkg:rpm/almalinux/dotnet-hostfxr-7.0 | < 7.0.7-1.el9_2 |
| pkg:rpm/almalinux/dotnet-runtime-6.0 | < 6.0.18-1.el9_2 |
| pkg:rpm/almalinux/dotnet-runtime-7.0 | < 7.0.7-1.el9_2 |
| pkg:rpm/almalinux/dotnet-sdk-6.0 | < 6.0.118-1.el9_2 |
| pkg:rpm/almalinux/dotnet-sdk-6.0-source-built-artifacts | < 6.0.118-1.el9_2 |
| pkg:rpm/almalinux/dotnet-sdk-7.0 | < 7.0.107-1.el9_2 |
| pkg:rpm/almalinux/dotnet-sdk-7.0-source-built-artifacts | < 7.0.107-1.el9_2 |
| pkg:rpm/almalinux/dotnet-targeting-pack-6.0 | < 6.0.18-1.el9_2 |
| pkg:rpm/almalinux/dotnet-targeting-pack-7.0 | < 7.0.7-1.el9_2 |
| pkg:rpm/almalinux/dotnet-templates-6.0 | < 6.0.118-1.el9_2 |
| pkg:rpm/almalinux/dotnet-templates-7.0 | < 7.0.107-1.el9_2 |
| pkg:rpm/almalinux/netstandard-targeting-pack-2.1 | < 7.0.107-1.el9_2 |

No CPE is recorded for these packages.

Vendor products (CVE v5 record):
- Microsoft / Microsoft .NET Framework 2.0 Service Pack 2 (range: 2.0.0)
- Microsoft / Microsoft .NET Framework 3.0 Service Pack 2 (range: 3.0.0)
- Microsoft / Microsoft .NET Framework 3.5 (range: 3.5.0)
- Microsoft / Microsoft .NET Framework 3.5.1 (range: 3.5.0)
- Microsoft / Microsoft .NET Framework 3.5 and 4.6.2 (range: 4.7.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 (range: 3.0.0.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.7.2 (range: 4.7.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.8 (range: 4.8.0)
- Microsoft / Microsoft .NET Framework 3.5 AND 4.8.1 (range: 4.8.1)
- Microsoft / Microsoft .NET Framework 4.6.2 (range: 4.7.0)
- Microsoft / Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 (range: 4.7.0)
- Microsoft / Microsoft .NET Framework 4.8 (range: 4.8.0)
- Microsoft / Microsoft Visual Studio 2022 version 17.0 (range: 17.0.0)
- Microsoft / Microsoft Visual Studio 2022 version 17.2 (range: 17.2.0)
- Microsoft / Microsoft Visual Studio 2022 version 17.4 (range: 17.4.0)
- Microsoft / Microsoft Visual Studio 2022 version 17.6 (range: 17.6.0)
- Microsoft / .NET 6.0 (range: 6.0.0)
- Microsoft / .NET 7.0 (range: 7.0.0)
- Microsoft / PowerShell 7.2 (range: 7.2.0)
- Microsoft / PowerShell 7.3 (range: 7.3.0)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] github.com/advisories/GHSA-jx7q-xxmw-44vf (GHSA; advisory)
- [2] msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 (GHSA; vendor advisory)
- nvd.nist.gov/vuln/detail/CVE-2023-24936 (GHSA; advisory)
- github.com/dotnet/announcements/issues/259 (GHSA; web)
- github.com/dotnet/runtime/security/advisories/GHSA-jx7q-xxmw-44vf (GHSA; web)
News mentions
No linked articles in our index yet.