Vulnerability Details CVE-2018-1000210
YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://github.com/aaubry/YamlDotNet#version-500
- https://github.com/aaubry/YamlDotNet/blob/f96b7cc40a0498f8bafdeb49df3aa23aa2c60993/YamlDotNet/Serialization/NodeTypeResolvers/TypeNameInTagNodeTypeResolver.cs#L35
- https://github.com/aaubry/YamlDotNet#version-500
- https://github.com/aaubry/YamlDotNet/blob/f96b7cc40a0498f8bafdeb49df3aa23aa2c60993/YamlDotNet/Serialization/NodeTypeResolvers/TypeNameInTagNodeTypeResolver.cs#L35
Products affected by CVE-2018-1000210
-
cpe:2.3:a:yamldotnet_project:yamldotnet:1.3.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:2.0.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:2.0.1
-
cpe:2.3:a:yamldotnet_project:yamldotnet:2.1.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:2.2.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:2.3.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.0.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.1.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.1.1
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.2.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.2.1
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.2.2
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.3.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.3.1
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.4.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.5.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.5.1
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.6.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.6.1
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.7.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.8.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:3.9.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:4.0.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:4.1.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:4.2.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:4.2.1
-
cpe:2.3:a:yamldotnet_project:yamldotnet:4.2.2
-
cpe:2.3:a:yamldotnet_project:yamldotnet:4.2.3
-
cpe:2.3:a:yamldotnet_project:yamldotnet:4.2.4
-
cpe:2.3:a:yamldotnet_project:yamldotnet:4.3.0
-
cpe:2.3:a:yamldotnet_project:yamldotnet:4.3.1
-
cpe:2.3:a:yamldotnet_project:yamldotnet:4.3.2