CVE-2023-35815
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.
| Software | From | Fixed in |
|---|---|---|
| devexpress / devexpress | - | 21.2.12 |
| devexpress / devexpress | 22.1.8 | 22.1.8.x |
| devexpress / devexpress | 22.2.4 | 22.2.4.x |
| devexpress / devexpress | 22.2.5 | 22.2.5.x |
- https://code-white.com/public-vulnerability-list/
- https://supportcenter.devexpress.com/ticket/details/t1141947/data-source-protection-bypass-during-xml-deserialization
- https://supportcenter.devexpress.com/ticket/details/t1159142/web-reporting-data-source-protection-bypassed-during-xml-deserialization
- https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-advisory-updated-on-april-27-2023
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime