PT-2018-12776 · Jetbrains · Resharper Ultimate+1
Soroush Dalili
·
Publicado
2018-08-13
·
Atualizado
2018-10-12
·
CVE-2018-14878
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
JetBrains dotPeek versions prior to 2018.2
JetBrains ReSharper Ultimate versions prior to 2018.1.4
Description
The issue allows attackers to execute code by decompiling a compiled .NET object, such as a DLL or EXE file, with a specific file. This is due to the deserialization of untrusted data.
Recommendations
For JetBrains dotPeek versions prior to 2018.2, update to version 2018.2 or later.
For JetBrains ReSharper Ultimate versions prior to 2018.1.4, update to version 2018.1.4 or later.
Correção
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Resharper Ultimate
Dotpeek