CVE-2018-1000210

{"id": "CVE-2018-1000210", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-07-13T18:29:00.397", "references": [{"url": "https://github.com/aaubry/YamlDotNet#version-500", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/aaubry/YamlDotNet/blob/f96b7cc40a0498f8bafdeb49df3aa23aa2c60993/YamlDotNet/Serialization/NodeTypeResolvers/TypeNameInTagNodeTypeResolver.cs#L35", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}, {"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line \"currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);\" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0."}, {"lang": "es", "value": "YamlDotNet en versiones 4.3.2 y anteriores contiene una vulnerabilidad de referencia directa a objeto insegura. El comportamiento por defecto de Deserializer.Deserialize() deserializar\u00e1 tipos controlados por el usuario en la l\u00ednea \"currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);\" y los instancia de forma ciega. Esto puede resultar en la ejecuci\u00f3n de c\u00f3digo en el contexto del proceso en ejecuci\u00f3n. El ataque parece ser explotable si una v\u00edctima analiza un archivo YAML especialmente manipulado. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 5.0.0."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yamldotnet_project:yamldotnet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D5DF875-2D1D-426E-8420-9D5EEFE76D8F", "versionEndIncluding": "4.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}