Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:7065
HistoryJul 16, 2018 - 9:21 a.m.

Remote Code Execution (RCE)

2018-07-1609:21:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

EPSS

0.001

Percentile

36.9%

JSON

YamlDotNet is susceptible to remote code execution (RCE) through insecure direct object references. It can happen because the Deserializer.Deserialize() function does not prevent deserialization of user-controlled types currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false); and create instances of (De)serializer blindly, allowing arbitrary code to be executed.

Related

cvelist 1
github 1
nvd 1
osv 2
prion 1
cve 1
cvelist
cvelist
CVE-2018-1000210
2018-07-13 18:00:00
github
github
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed
2018-10-16 17:01:10
nvd
nvd
CVE-2018-1000210
2018-07-13 18:29:00
osv
osv
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed
2018-10-16 17:01:10
CVE-2018-1000210
2018-07-13 18:29:00
prion
prion
Design/Logic Flaw
2018-07-13 18:29:00
cve
cve
CVE-2018-1000210
2018-07-13 18:29:00

EPSS

0.001

Percentile

36.9%

JSON
Related for VERACODE:7065
cvelist1github1nvd1osv2prion1cve1