YamlDotNet 3.9.0-pre252

Details
Advisory: https://github.com/advisories/GHSA-rpch-cqj9-h65r
Severity: high
Suggested Alternatives

YamlDotNet 9.1.4

Additional Details

YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability. By default, Deserializer.Deserialize() deserializes user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them, which can result in code execution in the context of the running process. This attack appears to be exploitable when a victim parses a specially crafted YAML file. This vulnerability has been fixed in 5.0.0.

This is a prerelease version of YamlDotNet.
There is a newer version of this package available.
See the version list below for details.
The owner has unlisted this package. This could mean that the package is deprecated, has security vulnerabilities or shouldn't be used anymore.

Requires NuGet 2.8 or higher.

dotnet add package YamlDotNet --version 3.9.0-pre252

NuGet\Install-Package YamlDotNet -Version 3.9.0-pre252
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="YamlDotNet" Version="3.9.0-pre252" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
Directory.Packages.props:
<PackageVersion Include="YamlDotNet" Version="3.9.0-pre252" />
Project file:
<PackageReference Include="YamlDotNet" />

paket add YamlDotNet --version 3.9.0-pre252

#r "nuget: YamlDotNet, 3.9.0-pre252"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#addin nuget:?package=YamlDotNet&version=3.9.0-pre252&prerelease
Install as a Cake Addin

#tool nuget:?package=YamlDotNet&version=3.9.0-pre252&prerelease
Install as a Cake Tool

A .NET library for YAML. YamlDotNet provides low level parsing and emitting of YAML as well as a high level object model similar to XmlDocument.

Product: Compatible and additional computed target framework versions
.NET Framework: net35 is compatible. net40 was computed. net403 was computed. net45 was computed. net451 was computed. net452 was computed. net46 was computed. net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed.
.NETPlatform: dotnet is compatible.

This package has no dependencies.

NuGet packages (911)

Showing the top 5 NuGet packages that depend on YamlDotNet:

Package Downloads
KubernetesClient

Client library for the Kubernetes open source container orchestrator.

NJsonSchema.Yaml

JSON Schema reader, generator and validator for .NET

KubernetesClient.Models

Client library for the Kubernetes open source container orchestrator.

WireMock.Net.OpenApiParser

An OpenApi (swagger) parser to generate MappingModel or mapping.json file.

NetEscapades.Configuration.Yaml

YAML configuration provider implementation to use with Microsoft.Extensions.Configuration.

GitHub repositories (263)

Showing the top 20 popular GitHub repositories that depend on YamlDotNet:

Repository Stars
2dust/v2rayN
A GUI client for Windows, Linux and macOS, support Xray and sing-box and others
microsoft/semantic-kernel
Integrate cutting-edge LLM technology quickly and easily into your apps
bitwarden/server
Bitwarden infrastructure/backend (API, database, Docker, etc).
marticliment/UniGetUI
UniGetUI: The Graphical Interface for your package managers. Could be terribly described as a package manager manager to manage your package managers
Jackett/Jackett
API Support for your favorite torrent trackers
JosefNemec/Playnite
Video game library manager with support for wide range of 3rd party libraries and game emulation support, providing one unified interface for your games.
chocolatey/choco
Chocolatey - the package manager for Windows
unoplatform/uno
Open-source platform for building cross-platform native Mobile, Web, Desktop and Embedded apps quickly. Create rich, C#/XAML, single-codebase apps from any IDE. Hot Reload included! 90m+ NuGet Downloads!!
dotnet/yarp
A toolkit for developing high-performance HTTP reverse proxy applications.
AutoDarkMode/Windows-Auto-Night-Mode
Automatically switches between the dark and light theme of Windows 10 and Windows 11
Kareadita/Kavita
Kavita is a fast, feature rich, cross platform reading server. Built with the goal of being a full solution for all your reading needs. Setup your own server and share your reading collection with your friends and family.
gitextensions/gitextensions
Git Extensions is a standalone UI tool for managing git repositories. It also integrates with Windows Explorer and Microsoft Visual Studio (2015/2017/2019).
btcpayserver/btcpayserver
Accept Bitcoin payments. Free, open-source & self-hosted, Bitcoin payment processor.
LykosAI/StabilityMatrix
Multi-Platform Package Manager for Stable Diffusion
ant-design-blazor/ant-design-blazor
🌈A rich set of enterprise-class UI components based on Ant Design and Blazor.
kurrent-io/KurrentDB
KurrentDB is a database that's engineered for modern software applications and event-driven architectures. Its event-native design simplifies data modeling and preserves data integrity while the integrated streaming engine solves distributed messaging challenges and ensures data consistency.
dotnet/tye
Tye is a tool that makes developing, testing, and deploying microservices and distributed applications easier. Project Tye includes a local orchestrator to make developing microservices easier and the ability to deploy microservices to Kubernetes with minimal configuration.
2dust/clashN
A clash client for Windows, support Mihomo
Prowlarr/Prowlarr
Prowlarr is an indexer manager/proxy built on the popular *arr .net/reactjs base stack to integrate with your various PVR apps, supporting management of both Torrent Trackers and Usenet Indexers.
Azure/azure-powershell
Microsoft Azure PowerShell
Version Downloads Last Updated
16.3.0 6,719,250 12/23/2024
16.2.1 1,798,091 12/1/2024
16.2.0 6,380,032 11/10/2024
16.1.3 2,351,212 9/26/2024
16.1.2 508,523 9/13/2024
16.1.1 5,864 9/13/2024
16.1.0 373,781 9/1/2024
16.0.0 6,349,327 7/14/2024
15.3.0 2,190,301 6/16/2024
15.1.6 626,578 5/29/2024
15.1.4 8,721,699 5/11/2024
15.1.2 4,174,990 2/26/2024
15.1.1 1,040,756 2/4/2024
15.1.0 5,798,679 1/23/2024
13.7.1 18,854,634 10/15/2023
13.7.0 121,500 10/10/2023
13.5.2 101,037 10/5/2023
13.5.1 50,743 10/5/2023
13.5.0 4,960 10/5/2023
13.4.0 1,435,135 9/20/2023
13.3.1 8,729,340 8/28/2023
13.2.0 665,840 8/14/2023
13.1.1 5,983,252 6/17/2023
13.1.0 2,552,900 4/16/2023
13.0.2 1,579,007 3/11/2023
13.0.1 7,003,009 2/19/2023
13.0.0 1,231,699 2/7/2023
12.3.1 8,956,851 12/19/2022
12.3.0 5,275 12/19/2022
12.2.1 253,668 12/14/2022
12.2.0 354,360 12/9/2022
12.1.0 666,248 12/5/2022
12.0.2 2,262,282 10/7/2022
12.0.1 9,478,938 9/17/2022
12.0.0 4,381,820 7/23/2022
11.2.1 86,821,492 6/28/2021
11.2.0 582,869 6/13/2021
11.1.3-nullable-enums-0003 42,094 4/9/2021
11.1.1 3,583,895 4/9/2021
11.1.0 34,428 4/8/2021
11.0.1 80,386 4/1/2021
10.1.0 76,151 3/31/2021
10.0.0 58,965 3/27/2021
9.1.4 8,591,166 1/15/2021
8.1.2 29,861,810 5/28/2020
8.1.0 15,138,923 1/18/2020
8.0.0 6,978,698 10/19/2019
7.0.0 734,824 9/28/2019
6.1.2 3,298,240 7/20/2019
6.1.1 636,508 6/4/2019
6.0.0 14,015,573 3/15/2019
5.4.0 428,528 2/12/2019
5.3.1 8,712 2/12/2019
5.3.0 1,451,628 12/5/2018
5.1.0 2,044,664 9/21/2018