PT-2018-12776 · Jetbrains · Resharper Ultimate+1

Soroush Dalili

Published

2018-08-13

Updated

2018-10-12

CVE-2018-14878

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions JetBrains dotPeek versions prior to 2018.2 JetBrains ReSharper Ultimate versions prior to 2018.1.4

Description The issue allows attackers to execute code by decompiling a compiled .NET object, such as a DLL or EXE file, with a specific file. This is due to the deserialization of untrusted data.

Recommendations For JetBrains dotPeek versions prior to 2018.2, update to version 2018.2 or later. For JetBrains ReSharper Ultimate versions prior to 2018.1.4, update to version 2018.1.4 or later.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2018-14878

Affected Products

Resharper Ultimate

Dotpeek

PT-2018-12776 · Jetbrains · Resharper Ultimate+1

CVE-2018-14878

Weakness Enumeration

Related Identifiers

Affected Products

References · 4