When we are running a cato scan on our project, which references the Okta SDK 1.4.1 NuGet package, we are getting the issue below.
Can you please let us know when we can expect the upgraded version with the fix?
"Security Vulnerabilities (1)
Score: 7.8 YamlDotNet-4.2.0.0.dll 7/13/2018
CVE-2018-1000210 (https://vuln.whitesourcesoftware.com/vulnerability/CVE2018-1000210) YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize usercontrolled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0. Recommendation Upgrade to version 4.3.3"
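Added example (not code from the Okta SDK or the YamlDotNet project): how a consumer of the SDK can pin YamlDotNet to a fixed version as a direct dependency and build its deserializer with an explicit tag mapping instead of relying on the default tag-to-type lookup the report describes. `AppConfig`, the `!appconfig` tag and the pinned version number are assumptions for illustration.

```csharp
// Added example; assumes YamlDotNet 5.0.0, the version the report says fixes CVE-2018-1000210.
// Pin the transitive package in the consuming project's .csproj so the SDK's older
// YamlDotNet is overridden (assumed version string):
//   <PackageReference Include="YamlDotNet" Version="5.0.0" />
using System;
using YamlDotNet.Core;
using YamlDotNet.Serialization;

// Hypothetical configuration type this project expects to read from YAML.
public sealed class AppConfig
{
    public string Name { get; set; }
    public int Retries { get; set; }
}

public static class SafeYaml
{
    // Only the tags registered here resolve to CLR types. The advisory's problem is the
    // fallback that resolves any "!Some.Type" tag with Type.GetType() and instantiates it;
    // on a fixed version that fallback is gone, and explicit mappings keep the allowed
    // set visible in code review.
    private static readonly IDeserializer Deserializer = new DeserializerBuilder()
        .WithTagMapping("!appconfig", typeof(AppConfig))
        .Build();

    public static AppConfig Load(string yaml)
    {
        try
        {
            return Deserializer.Deserialize<AppConfig>(yaml);
        }
        catch (YamlException ex)
        {
            // An unregistered tag is now a parse error rather than an instantiation.
            throw new InvalidOperationException("Rejected untrusted YAML input", ex);
        }
    }
}
```

Run `dotnet list package --include-transitive` on the consuming project afterwards to confirm no YamlDotNet below the pinned version remains in the dependency graph.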