Vulnerabilities > Yamldotnet Project

DATE CVE VULNERABILITY TITLE RISK
2018-07-13 CVE-2018-1000210 Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet
YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them.
6.8