Deserialization Vulnerability in JetBrains Software Products
CVE-2018-14878

7.8HIGH

Key Information:

Vendor: Jetbrains
Status: Dotpeek; Resharper Ultimate
Vendor: CVE Published:; 13 August 2018

Summary

JetBrains dotPeek prior to version 2018.2 and ReSharper Ultimate prior to version 2018.1.4 are susceptible to a serious vulnerability that allows attackers to execute arbitrary code through the deserialization of untrusted data. This occurs when a compiled .NET object, such as a DLL or EXE file, is decompiled using a specific file, enabling malicious users to exploit the system. It is crucial for users of these software products to upgrade to the latest versions to protect against this security flaw.

References

https://blog.jetbrains.com/dotnet/2018/08/02/resharper-ul...

x_refsource_CONFIRM

https://www.nccgroup.trust/uk/about-us/newsroom-and-event...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2018
Vulnerability Reserved
Aug 2, 2018