GHSA-rpch-cqj9-h65r

Suggest an improvement
Source
https://github.com/advisories/GHSA-rpch-cqj9-h65r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-rpch-cqj9-h65r/GHSA-rpch-cqj9-h65r.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-rpch-cqj9-h65r
Aliases
Published
2018-10-16T17:01:10Z
Modified
2023-11-01T04:48:36.247264Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed
Details

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.

Database specific
{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T21:55:19Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-502",
        "CWE-639"
    ]
}
References

Affected packages

NuGet / YamlDotNet

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.0

Affected versions

2.*

2.3.0-rc

3.*

3.0.0
3.1.0
3.1.1
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.4.0
3.5.0
3.5.1
3.6.0
3.6.1
3.7.0-pre129
3.7.0
3.8.0-pre138
3.8.0-pre143
3.8.0-pre145
3.8.0-pre146
3.8.0-pre147
3.8.0-pre148
3.8.0-pre155
3.8.0-pre156
3.8.0-pre158
3.8.0-pre159
3.8.0-pre161
3.8.0-pre162
3.8.0-pre167
3.8.0-pre169
3.8.0-pre170
3.8.0-pre171
3.8.0-pre175
3.8.0-pre178
3.8.0-pre184
3.8.0-pre185
3.8.0-pre186
3.8.0-pre187
3.8.0-pre188
3.8.0-pre189
3.8.0-pre190
3.8.0-pre191
3.8.0-pre193
3.8.0-pre194
3.8.0-pre195
3.8.0-pre196
3.8.0-pre197
3.8.0-pre198
3.8.0-pre199
3.8.0-pre200
3.8.0-pre201
3.8.0-pre203
3.8.0-pre206
3.8.0-pre209
3.8.0-pre210
3.8.0-pre211
3.8.0-pre214
3.8.0-pre221
3.8.0-pre222
3.8.0-pre223
3.8.0-pre232
3.8.0-pre233
3.8.0
3.9.0-pre239
3.9.0-pre240
3.9.0-pre241
3.9.0-pre243
3.9.0-pre245
3.9.0-pre249
3.9.0-pre252
3.9.0-pre254
3.9.0-pre259
3.9.0-pre262
3.9.0-pre263
3.9.0-pre265
3.9.0-pre268
3.9.0-pre269
3.9.0-pre270
3.9.0-pre271
3.9.0-pre273
3.9.0-pre276
3.9.0
3.9.1-pre274
3.9.1-pre275
3.9.1-pre277
3.9.1-pre279

4.*

4.0.0-pre272
4.0.0
4.0.1-pre281
4.0.1-pre284
4.0.1-pre285
4.0.1-pre287
4.0.1-pre288
4.0.1-pre291
4.0.1-pre292
4.0.1-pre297
4.0.1-pre298
4.0.1-pre305
4.0.1-pre306
4.0.1-pre307
4.0.1-pre308
4.0.1-pre309
4.0.1-pre318
4.0.1-pre319
4.0.1-pre322
4.0.1-pre323
4.1.0
4.1.1-cake-build0352
4.1.1-netstandard0377
4.1.1-netstandard0378
4.1.1-netstandard0381
4.1.1-netstandard0382
4.1.1-netstandard0383
4.1.1-netstandard0384
4.1.1-netstandard0385
4.1.1-netstandard0386
4.1.1-netstandard0387
4.1.1-netstandard0388
4.1.1-netstandard0389
4.1.1-netstandard0390
4.1.1-netstandard0391
4.1.1-netstandard0392
4.1.1-netstandard0395
4.1.1-netstandard0398
4.1.1-netstandard0405
4.1.1-netstandard0407
4.1.1-pre0354
4.1.1-pre0355
4.1.1-pre0356
4.1.1-pre0357
4.1.1-pre324
4.1.1-pre325
4.2.0
4.2.1-issue-2600412
4.2.1
4.2.2-fix-build0447
4.2.2-fix-build0448
4.2.2-net200423
4.2.2-pre0424
4.2.2-pre0425
4.2.2
4.2.3-pre0452
4.2.3-pre0454
4.2.3-vCipher-master0456
4.2.3
4.2.4-cleanup-solution0459
4.2.4-cleanup-solution0460
4.2.4-cleanup-solution0461
4.2.4
4.2.5-pre0464
4.3.0
4.3.1-pre0469
4.3.1
4.3.2-issue-3140480
4.3.2-issue-3140481
4.3.2-pre0473
4.3.2-pre0476
4.3.2-pre0478
4.3.2-pre0479
4.3.2-pre0482
4.3.2-pre0483
4.3.2-pre0485
4.3.2-pre0486
4.3.2
4.3.3-pre0489

Database specific

{
    "last_known_affected_version_range": "<= 4.3.2"
}

NuGet / YamlDotNet.Signed

Package

Name
YamlDotNet.Signed
View open source insights on deps.dev
Purl
pkg:nuget/YamlDotNet.Signed

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.0

Affected versions

3.*

3.3.1
3.4.0
3.5.0
3.5.1
3.6.0
3.6.1
3.7.0-pre129
3.7.0
3.8.0-pre143
3.8.0-pre145
3.8.0-pre146
3.8.0-pre147
3.8.0-pre148
3.8.0-pre155
3.8.0-pre156
3.8.0-pre158
3.8.0-pre159
3.8.0-pre161
3.8.0-pre162
3.8.0-pre167
3.8.0-pre169
3.8.0-pre170
3.8.0-pre171
3.8.0-pre175
3.8.0-pre178
3.8.0-pre184
3.8.0-pre185
3.8.0-pre186
3.8.0-pre187
3.8.0-pre188
3.8.0-pre189
3.8.0-pre190
3.8.0-pre191
3.8.0-pre193
3.8.0-pre194
3.8.0-pre195
3.8.0-pre196
3.8.0-pre197
3.8.0-pre198
3.8.0-pre199
3.8.0-pre200
3.8.0-pre201
3.8.0-pre203
3.8.0-pre206
3.8.0-pre209
3.8.0-pre210
3.8.0-pre211
3.8.0-pre214
3.8.0-pre221
3.8.0-pre222
3.8.0-pre223
3.8.0-pre232
3.8.0-pre233
3.8.0
3.9.0-pre239
3.9.0-pre240
3.9.0-pre241
3.9.0-pre243
3.9.0-pre245
3.9.0-pre249
3.9.0-pre252
3.9.0-pre254
3.9.0-pre259
3.9.0-pre262
3.9.0-pre263
3.9.0-pre265
3.9.0-pre268
3.9.0-pre269
3.9.0-pre270
3.9.0-pre271
3.9.0-pre273
3.9.0-pre276
3.9.0
3.9.1-pre274
3.9.1-pre275
3.9.1-pre277
3.9.1-pre279

4.*

4.0.0-pre272
4.0.0
4.0.1-pre281
4.0.1-pre284
4.0.1-pre285
4.0.1-pre287
4.0.1-pre288
4.0.1-pre291
4.0.1-pre292
4.0.1-pre297
4.0.1-pre298
4.0.1-pre305
4.0.1-pre306
4.0.1-pre307
4.0.1-pre308
4.0.1-pre309
4.0.1-pre318
4.0.1-pre319
4.0.1-pre322
4.0.1-pre323
4.1.0
4.1.1-netstandard0377
4.1.1-netstandard0378
4.1.1-netstandard0381
4.1.1-netstandard0382
4.1.1-netstandard0383
4.1.1-netstandard0384
4.1.1-netstandard0385
4.1.1-netstandard0386
4.1.1-netstandard0387
4.1.1-netstandard0388
4.1.1-netstandard0389
4.1.1-netstandard0390
4.1.1-netstandard0391
4.1.1-netstandard0392
4.1.1-netstandard0395
4.1.1-netstandard0398
4.1.1-netstandard0405
4.1.1-netstandard0407
4.1.1-pre0354
4.1.1-pre0355
4.1.1-pre0356
4.1.1-pre0357
4.1.1-pre324
4.1.1-pre325
4.2.0
4.2.1-issue-2600412
4.2.1
4.2.2-fix-build0447
4.2.2-fix-build0448
4.2.2-net200423
4.2.2-pre0424
4.2.2-pre0425
4.2.2
4.2.3-pre0452
4.2.3-pre0454
4.2.3-vCipher-master0456
4.2.3
4.2.4-cleanup-solution0459
4.2.4-cleanup-solution0460
4.2.4-cleanup-solution0461
4.2.4
4.2.5-pre0464
4.3.0
4.3.1-pre0469
4.3.1
4.3.2-issue-3140480
4.3.2-issue-3140481
4.3.2-pre0473
4.3.2-pre0476
4.3.2-pre0478
4.3.2-pre0479
4.3.2-pre0482
4.3.2-pre0483
4.3.2-pre0485
4.3.2-pre0486
4.3.2
4.3.3-pre0489

Database specific

{
    "last_known_affected_version_range": "<= 4.3.2"
}