VYPR
Critical severity 9.8 · NVD Advisory · Published Jul 22, 2024 · Updated Apr 15, 2026

CVE-2024-28698

Description

Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| Csla (NuGet) | < 5.5.4 | 5.5.4 |
| Csla (NuGet) | >= 6.0.0, < 8.0.0 | 8.0.0 |
| Csla (NuGet) | >= 7.0.0, < 8.0.0 | 8.0.0 |

Patches

5
f3a5c3474974

#4133 Backfit of : Prevent use of .. or : in file path #3552 (#4144)

https://github.com/MarimerLLC/csla · MaceySoftware · Aug 6, 2024 · via ghsa
1 file changed · +4 -1
  • Source/Csla/Reflection/MethodCaller.cs · +4 -1 · modified
    @@ -252,8 +252,11 @@ public static Type GetType(string typeName, bool throwOnError, bool ignoreCase)
     
             if (splitName.Length > 2)
             {
    -          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(AppContext.BaseDirectory + splitName[1].Trim() + ".dll");
    +          var path = AppContext.BaseDirectory + splitName[1].Trim() + ".dll";
    +          if (path.Contains("..") || path.Contains(':'))
    +            throw new TypeLoadException(path);
     
    +          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(path);
               return asm.GetType(splitName[0].Trim());
             }
             else
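Review bot: the new check `path.Contains("..") || path.Contains(':')` runs on the concatenated `path`, which begins with `AppContext.BaseDirectory`. On Windows that base directory is an absolute path with a drive letter, so the `':'` test matches the trusted prefix and every call that reaches this branch throws `TypeLoadException`, including loads of legitimate assemblies. Suggest validating only the untrusted part, `splitName[1].Trim()`, before it is appended to the base directory.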
    
8fbdd8c773bf

#4133 Backfit of : Prevent use of .. or : in file path #3552 for v6.x (#4145)

https://github.com/MarimerLLC/csla · MaceySoftware · Aug 6, 2024 · via ghsa
1 file changed · +4 -1
  • Source/Csla/Reflection/MethodCaller.cs · +4 -1 · modified
    @@ -252,8 +252,11 @@ public static Type GetType(string typeName, bool throwOnError, bool ignoreCase)
     
             if (splitName.Length > 2)
             {
    -          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(AppContext.BaseDirectory + splitName[1].Trim() + ".dll");
    +          var path = AppContext.BaseDirectory + splitName[1].Trim() + ".dll";
    +          if (path.Contains("..") || path.Contains(':'))
    +            throw new TypeLoadException(path);
     
    +          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(path);
               return asm.GetType(splitName[0].Trim());
             }
             else
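Review bot: the substring test on `path` is a denylist of two tokens, and a `splitName[1]` that contains a directory separator still passes it and resolves below `AppContext.BaseDirectory` rather than directly in it. Suggest rejecting any assembly name that contains `Path.DirectorySeparatorChar` or `Path.AltDirectorySeparatorChar`, or resolving with `Path.GetFullPath(path)` and confirming the result's directory equals the base directory, before the call to `LoadFromAssemblyPath(path)`.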
    
445bc609bc11

#4133 Backfit of : Prevent use of .. or : in file path #3552 (#4138)

https://github.com/MarimerLLC/csla · MaceySoftware · Aug 6, 2024 · via ghsa
1 file changed · +5 -1
  • Source/Csla.Shared/Reflection/MethodCaller.cs · +5 -1 · modified
    @@ -234,7 +234,11 @@ public static Type GetType(string typeName, bool throwOnError, bool ignoreCase)
             string[] splitName = typeName.Split(',');
             if (splitName.Length > 2)
             {
    -          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(AppContext.BaseDirectory + splitName[1].Trim() + ".dll");
    +          var path = AppContext.BaseDirectory + splitName[1].Trim() + ".dll";
    +          if (path.Contains("..") || path.Contains(':'))
    +            throw new TypeLoadException(path);
    +
    +          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(path);
               return asm.GetType(splitName[0].Trim());
             }
             else
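Review bot: the added `throw new TypeLoadException(path);` is unconditional, while the enclosing `GetType(string typeName, bool throwOnError, bool ignoreCase)` takes a `throwOnError` flag that nothing in these lines consults. Suggest deciding explicitly whether a rejected name should honour `throwOnError` and saying so in a comment. The exception message is also the full `path`, which includes `AppContext.BaseDirectory`; putting only the rejected assembly name in the message avoids disclosing the install location if the exception text reaches a remote caller.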
    
2c32a5748a0a

Merge pull request #3552 from rockfordlhotka/3551-assemblyload

https://github.com/MarimerLLC/csla · Rockford Lhotka · Nov 16, 2023 · via ghsa
1 file changed · +4 -1
  • Source/Csla/Reflection/MethodCaller.cs · +4 -1 · modified
    @@ -252,8 +252,11 @@ public static Type GetType(string typeName, bool throwOnError, bool ignoreCase)
     
             if (splitName.Length > 2)
             {
    -          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(AppContext.BaseDirectory + splitName[1].Trim() + ".dll");
    +          var path = AppContext.BaseDirectory + splitName[1].Trim() + ".dll";
    +          if (path.Contains("..") || path.Contains(':'))
    +            throw new TypeLoadException(path);
     
    +          var asm = AssemblyLoadContext.Default.LoadFromAssemblyPath(path);
               return asm.GetType(splitName[0].Trim());
             }
             else
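Review bot: the guard ahead of `LoadFromAssemblyPath(path)` lands with no comment and no accompanying test (1 file changed). Suggest a short comment stating that `splitName[1]` is taken from the caller-supplied `typeName` and must name an assembly inside the base directory, plus unit tests showing that `GetType` rejects names containing `..` or `:` and still loads a plain assembly name.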
    

References

9
