CVE-2018-1000210: Authorization Bypass Through User-Controlled Key

October 16, 2018 (updated September 17, 2021)

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line “currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);” and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.

References

github.com/aaubry/YamlDotNet
github.com/aaubry/YamlDotNet/blob/f96b7cc40a0498f8bafdeb49df3aa23aa2c60993/YamlDotNet/Serialization/NodeTypeResolvers/TypeNameInTagNodeTypeResolver.cs
github.com/advisories/GHSA-rpch-cqj9-h65r
nvd.nist.gov/vuln/detail/CVE-2018-1000210

Code Behaviors & Features

Detect and mitigate CVE-2018-1000210 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →