The.NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016. The flaw is in how.NET coding libraries handle deserialization operations, leading to situations where attackers can execute code on servers or computers handling deserialized data. The Java Apocalypse of 2015 and 2016 rocked the Java ecosystem in 2016, as it also affected 70 other Java libraries and was even used to compromise PayPal’s servers. Researchers also identified CVE-2017-9822 an XML deserializing flaw in DotNetNuke, today’s most used CMS CMS CMS.
Source: https://www.bleepingcomputer.com/news/security/severe-deserialization-issues-also-affect-net-not-just-java/