This repository has been archived by the owner on Oct 2, 2020. It is now read-only.
CVE-2018-1000210 High Severity Vulnerability detected by WhiteSource #27
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
CVE-2018-1000210 - High Severity Vulnerability
Stamps an assembly with git information based on SemVer.
path: /NEdifis/NEdifis/packages.config
Library home page: https://api.nuget.org/packages/gitversiontask.4.0.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: c0f599f5f8a9b9ece2377253b6da96a9aae81b7a
YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.
Publish Date: 2018-07-13
URL: CVE-2018-1000210
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: