7.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000210

GHSA ID

GHSA-rpch-cqj9-h65r

EPSS Score

0.56015%

CWE

CWE-502

Published

10/16/2018

Updated

1/9/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1000210

CVE-2018-1000210: High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.

(GitHub Advisory)

7.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1000210

GHSA ID

GHSA-rpch-cqj9-h65r

EPSS Score

0.56015%

CWE

CWE-502

Published

10/16/2018

Updated

1/9/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
YamlDotNet	nuget	<= 4.3.2	5.0.0
YamlDotNet.Signed	nuget	<= 4.3.2	5.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from TypeNameInTagNodeTypeResolver's Resolve method which processes YAML tags without validation. The patch replaces this resolver with PreventUnknownTagsNodeTypeResolver and adds tag mapping requirements. The specific line using Type.GetType with nodeEvent.Tag demonstrates direct processing of untrusted input for type resolution, matching the CVE description of insecure deserialization. Runtime exploitation would show this resolver being invoked when parsing malicious tags.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Y*ml*otN*t v*rsion *.*.* *n* **rli*r *ont*ins * Ins**ur* *ir**t O*j**t R***r*n** vuln*r**ility in T** ****ult ****vior o* **s*ri*liz*r.**s*ri*liz*() will **s*ri*liz* us*r-*ontroll** typ*s in t** lin* "*urr*ntTyp* = Typ*.**tTyp*(no***v*nt.T**.Su*strin

Reasoning

T** vuln*r**ility st*ms *rom `Typ*N*m*InT**No**Typ*R*solv*r`'s `R*solv*` m*t*o* w*i** pro**ss*s Y*ML t**s wit*out v*li**tion. T** p*t** r*pl***s t*is r*solv*r wit* `Pr*v*ntUnknownT**sNo**Typ*R*solv*r` *n* ***s t** m*ppin* r*quir*m*nts. T** sp**i*i* l

7.8

Basic Information

Concerned about an active attack path?

CVE-2018-1000210: High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI