PT-2018-12882 · Progress Telerik · Justassembly+1
Published: 2018-08-16 · Updated: 2018-10-15
CVE-2018-15122
CVSS v3.1: 7.8 (High)
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Progress Telerik JustAssembly versions through 2018.1.323.2
Progress Telerik JustDecompile versions through 2018.2.605.0
Description
An issue in Progress Telerik JustAssembly and JustDecompile makes it possible to execute code by decompiling a compiled .NET object with an embedded resource file. This can be achieved by clicking on the resource.
Recommendations
For Progress Telerik JustAssembly versions through 2018.1.323.2, avoid decompiling compiled .NET objects with embedded resource files until a fix is available.
For Progress Telerik JustDecompile versions through 2018.2.605.0, consider restricting access to the decompilation feature for .NET objects with embedded resources as a temporary mitigation measure.
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Justassembly
Justdecompile