CVE-2018-14878

Опубликовано: 13 авг. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

Ссылки

https://blog.jetbrains.com/dotnet/2018/08/02/resharper-ultimate-2018-1-4-rider-2018-1-4-released/
Patch
Vendor Advisory
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/
Third Party Advisory
https://blog.jetbrains.com/dotnet/2018/08/02/resharper-ultimate-2018-1-4-rider-2018-1-4-released/
Patch
Vendor Advisory
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jetbrains:dotpeek:*:*:*:*:*:*:*:*

Версия до 2018.2 (исключая)

cpe:2.3:a:jetbrains:resharper_ultimate:*:*:*:*:*:*:*:*

Версия до 2018.1.4 (включая)

EPSS

Процентиль: 0%

0.00004

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

GHSA-jw49-q6gw-45w7