Summary
Newtonsoft.Json TypeNameHandling.Auto is used in 4 locations across the plugin/configuration system. Under Auto, the deserializer honours a `$type` property whenever the declared member type is `object`, an interface or an abstract class, so whoever controls the JSON controls which .NET type gets instantiated. Deserializing untrusted input with this setting is a well-documented Remote Code Execution (RCE) vector.
Affected Files
| File | Lines |
|---|---|
| src/SharpSite.Web/ApplicationState.cs | 130-134, 212-216 |
| src/SharpSite.Web/SharpsiteConfigurationExtensions.cs | 13-17, 19-25 |
Risk
If an attacker can write to the plugins directory (or otherwise supply the JSON these call sites parse), they can place a `$type` that names one of the publicly known Newtonsoft.Json gadget chains and achieve full RCE in the web process as soon as the file is loaded. No memory-corruption bug is required; the payload is plain JSON.
Recommended Fix
Replace with System.Text.Json polymorphic serialization (`[JsonPolymorphic]`/`[JsonDerivedType]`, .NET 7+), which accepts only a closed set of declared discriminators, or keep Newtonsoft.Json and install a strict ISerializationBinder allow-list so that any `$type` outside the known plugin types throws before an object is constructed. At any call site that does not actually need `$type`, TypeNameHandling.None (the default) removes the issue outright.
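The following is an added example, not SharpSite's own code: it puts the weak Newtonsoft settings beside the two hardened variants recommended above. The plugin-manifest types (`PluginManifest`, `IPluginSetting`, `ThemeSetting` and their System.Text.Json counterparts), the allow-list contents and the sample JSON are all assumptions constructed for illustration; the hostile `$type` value is a placeholder for any real gadget-chain type name.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Text.Json.Serialization;
using Newtonsoft.Json;
using Newtonsoft.Json.Serialization;

// Hypothetical manifest types, assumed for this example only.
public interface IPluginSetting { }
public sealed class ThemeSetting : IPluginSetting { public string Name { get; set; } = ""; }

public sealed class PluginManifest
{
    public string Id { get; set; } = "";
    // Declared as an interface, so Newtonsoft reads/writes "$type" here under TypeNameHandling.Auto.
    public IPluginSetting? Setting { get; set; }
}

// 1. Weak: any "$type" in the file is resolved and instantiated (this is the reported pattern).
public static class WeakNewtonsoft
{
    public static readonly JsonSerializerSettings Settings = new()
    {
        TypeNameHandling = TypeNameHandling.Auto,
    };
}

// 2. Hardened Newtonsoft: an allow-list binder. Anything not on the list throws
//    before a constructor or property setter of the foreign type can run.
public sealed class AllowListBinder : ISerializationBinder
{
    private static readonly Dictionary<string, Type> Allowed = new()
    {
        ["ThemeSetting"] = typeof(ThemeSetting),   // assumed set of permitted plugin types
    };

    public Type BindToType(string? assemblyName, string typeName)
    {
        if (Allowed.TryGetValue(typeName, out var t)) return t;
        throw new JsonSerializationException($"Type '{typeName}' is not permitted in plugin manifests.");
    }

    public void BindToName(Type serializedType, out string? assemblyName, out string? typeName)
    {
        assemblyName = null;
        typeName = serializedType.Name; // emit the short allow-list key, never an assembly-qualified name
    }
}

public static class HardenedNewtonsoft
{
    public static readonly JsonSerializerSettings Settings = new()
    {
        TypeNameHandling = TypeNameHandling.Auto,
        SerializationBinder = new AllowListBinder(),
    };
}

// 3. System.Text.Json (.NET 7+): the discriminator maps to a closed set declared on the base type.
//    An unknown discriminator fails instead of resolving to an arbitrary type.
[JsonPolymorphic(TypeDiscriminatorPropertyName = "$kind")]
[JsonDerivedType(typeof(StjThemeSetting), "theme")]
public abstract class StjPluginSetting { }
public sealed class StjThemeSetting : StjPluginSetting { public string Name { get; set; } = ""; }
public sealed class StjPluginManifest
{
    public string Id { get; set; } = "";
    public StjPluginSetting? Setting { get; set; }
}

public static class Demo
{
    // Constructed sample input: a manifest smuggling a $type the application never declared.
    private const string HostileNewtonsoft =
        @"{""Id"":""evil"",""Setting"":{""$type"":""SomeOther.Type, SomeOtherAssembly""}}";
    private const string HostileStj = @"{""Id"":""evil"",""Setting"":{""$kind"":""SomeOther.Type""}}";
    private const string Good = @"{""Id"":""ok"",""Setting"":{""$kind"":""theme"",""Name"":""dark""}}";

    public static void Main()
    {
        // Hardened Newtonsoft: the binder rejects the foreign $type before instantiation.
        try { JsonConvert.DeserializeObject<PluginManifest>(HostileNewtonsoft, HardenedNewtonsoft.Settings); }
        catch (JsonSerializationException e) { Console.WriteLine("Newtonsoft rejected: " + e.Message); }

        // System.Text.Json: an unknown "$kind" throws JsonException.
        try { JsonSerializer.Deserialize<StjPluginManifest>(HostileStj); }
        catch (JsonException e) { Console.WriteLine("STJ rejected: " + e.Message); }

        // Legitimate input still round-trips to the declared derived type.
        var m = JsonSerializer.Deserialize<StjPluginManifest>(Good)!;
        Console.WriteLine(((StjThemeSetting)m.Setting!).Name);
    }
}
```

The binder approach keeps the existing Newtonsoft call sites intact and is the faster fix; the System.Text.Json approach also removes the Newtonsoft dependency from the plugin loader. In both cases the check must happen on the type name, before any object is constructed, because gadget chains fire from constructors and property setters.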
Estimated Effort
2-4 hours. Blocks production readiness of the plugin system.