System.Linq.Dynamic.Core Reflection Access Vulnerability
Vulnerability
A vulnerability in System.Linq.Dynamic.Core versions prior to 1.6.0 allows remote access to properties on reflection types and static properties or fields. This issue can be exploited to list the names and versions of installed NuGet packages, potentially leading to the exploitation of known vulnerabilities in those packages. The vulnerability arises from improper handling of reflection types and static members, which can be accessed through dynamic LINQ expressions.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive information, such as NuGet package details and their associated vulnerabilities, or to the exposure of static property or field values from the application's context.
Reproduction
The vulnerability can be reproduced by using a dynamic LINQ query that accesses reflection properties or static members. This can be done by selecting attributes or base types from the assembly of a reflection type, or by accessing static properties or fields from a static class.
Remediation
Users can update to System.Linq.Dynamic.Core version 1.6.0 or later, where this vulnerability has been patched.
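To find projects still on a release before 1.6.0, the check below scans an SDK-style .csproj and a packages.lock.json for System.Linq.Dynamic.Core, including transitive references. It is an added example, not code from the advisory or from the library's project. The sample inputs are constructed, the function names are hypothetical, and pre-releases of 1.6.0 and unparseable version ranges are flagged as a conservative assumption.

```python
import json
import re
import xml.etree.ElementTree as ET

PACKAGE = "system.linq.dynamic.core"  # NuGet IDs compare case-insensitively
FIXED = (1, 6, 0)                     # first patched release, per the advisory

def is_vulnerable(version):
    """True if a version string sorts before 1.6.0 or cannot be pinned down."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?(-[^+]+)?(?:\+.*)?$", version.strip())
    if not m:
        return True  # floating or range spec: cannot prove it is patched
    core = tuple(int(p or 0) for p in m.groups()[:3])
    # Assumption: a pre-release of 1.6.0 sorts before 1.6.0 and is flagged.
    return core < FIXED or (core == FIXED and m.group(4) is not None)

def scan_csproj(xml_text):
    """Direct references; Version may be an attribute or a child element."""
    hits = []
    for ref in ET.fromstring(xml_text).iter("PackageReference"):
        if (ref.get("Include") or "").lower() != PACKAGE:
            continue
        version = ref.get("Version") or ref.findtext("Version") or ""
        if is_vulnerable(version):
            hits.append(("direct", version or "unspecified"))
    return hits

def scan_lockfile(json_text):
    """Resolved versions in packages.lock.json, transitive ones included."""
    hits = []
    for deps in json.loads(json_text).get("dependencies", {}).values():
        for name, info in deps.items():
            if name.lower() == PACKAGE and is_vulnerable(info.get("resolved", "")):
                hits.append((info.get("type", "?").lower(), info.get("resolved", "unspecified")))
    return hits

# Constructed sample inputs, not taken from any real project.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="System.Linq.Dynamic.Core" Version="1.4.5" />
    <PackageReference Include="Example.Other" Version="2.0.0" />
  </ItemGroup>
</Project>"""
SAMPLE_LOCK = json.dumps({"version": 1, "dependencies": {"net8.0": {
    "System.Linq.Dynamic.Core": {"type": "Transitive", "resolved": "1.3.14"}}}})

if __name__ == "__main__":
    print(scan_csproj(SAMPLE_CSPROJ))
    print(scan_lockfile(SAMPLE_LOCK))
```

The lock file is the more reliable input, because it records the resolved version even when the package is pulled in only as a dependency of another package.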
