CVE-2018-1000210

Опубликовано: 13 июл. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.

Ссылки

https://github.com/aaubry/YamlDotNet#version-500
Third Party Advisory
https://github.com/aaubry/YamlDotNet/blob/f96b7cc40a0498f8bafdeb49df3aa23aa2c60993/YamlDotNet/Serialization/NodeTypeResolvers/TypeNameInTagNodeTypeResolver.cs#L35
Third Party Advisory
https://github.com/aaubry/YamlDotNet#version-500
Third Party Advisory
https://github.com/aaubry/YamlDotNet/blob/f96b7cc40a0498f8bafdeb49df3aa23aa2c60993/YamlDotNet/Serialization/NodeTypeResolvers/TypeNameInTagNodeTypeResolver.cs#L35
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yamldotnet_project:yamldotnet:*:*:*:*:*:*:*:*

Версия до 4.3.2 (включая)

EPSS

Процентиль: 56%

0.00339

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-rpch-cqj9-h65r