Vulnerability Details CVE-2018-14878
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://blog.jetbrains.com/dotnet/2018/08/02/resharper-ultimate-2018-1-4-rider-2018-1-4-released/
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/
- https://blog.jetbrains.com/dotnet/2018/08/02/resharper-ultimate-2018-1-4-rider-2018-1-4-released/
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/
Products affected by CVE-2018-14878
-
cpe:2.3:a:jetbrains:dotpeek:10.0
-
cpe:2.3:a:jetbrains:dotpeek:2016.2
-
cpe:2.3:a:jetbrains:dotpeek:2016.2.1
-
cpe:2.3:a:jetbrains:dotpeek:2016.2.2
-
cpe:2.3:a:jetbrains:dotpeek:2016.3
-
cpe:2.3:a:jetbrains:dotpeek:2016.3.1
-
cpe:2.3:a:jetbrains:dotpeek:2016.3.2
-
cpe:2.3:a:jetbrains:dotpeek:2017.1
-
cpe:2.3:a:jetbrains:dotpeek:2017.1.1
-
cpe:2.3:a:jetbrains:dotpeek:2017.1.2
-
cpe:2.3:a:jetbrains:dotpeek:2017.1.3
-
cpe:2.3:a:jetbrains:dotpeek:2017.2
-
cpe:2.3:a:jetbrains:dotpeek:2017.2.1
-
cpe:2.3:a:jetbrains:dotpeek:2017.2.2
-
cpe:2.3:a:jetbrains:dotpeek:2017.3
-
cpe:2.3:a:jetbrains:dotpeek:2017.3.1
-
cpe:2.3:a:jetbrains:dotpeek:2017.3.2
-
cpe:2.3:a:jetbrains:dotpeek:2017.3.3
-
cpe:2.3:a:jetbrains:dotpeek:2017.3.4
-
cpe:2.3:a:jetbrains:dotpeek:2017.3.5
-
cpe:2.3:a:jetbrains:dotpeek:2018.1
-
cpe:2.3:a:jetbrains:dotpeek:2018.1.1
-
cpe:2.3:a:jetbrains:dotpeek:2018.1.2
-
cpe:2.3:a:jetbrains:dotpeek:2018.1.3
-
cpe:2.3:a:jetbrains:dotpeek:2018.1.4
-
cpe:2.3:a:jetbrains:resharper_ultimate:2016.1
-
cpe:2.3:a:jetbrains:resharper_ultimate:2016.1.1
-
cpe:2.3:a:jetbrains:resharper_ultimate:2016.1.2
-
cpe:2.3:a:jetbrains:resharper_ultimate:2016.2
-
cpe:2.3:a:jetbrains:resharper_ultimate:2016.2.1
-
cpe:2.3:a:jetbrains:resharper_ultimate:2016.2.2
-
cpe:2.3:a:jetbrains:resharper_ultimate:2016.2.3
-
cpe:2.3:a:jetbrains:resharper_ultimate:2016.3
-
cpe:2.3:a:jetbrains:resharper_ultimate:2016.3.1
-
cpe:2.3:a:jetbrains:resharper_ultimate:2016.3.2
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.1
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.1.1
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.1.2
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.1.3
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.2
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.2.1
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.2.2
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.3
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.3.1
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.3.2
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.3.3
-
cpe:2.3:a:jetbrains:resharper_ultimate:2017.3.5
-
cpe:2.3:a:jetbrains:resharper_ultimate:2018.1
-
cpe:2.3:a:jetbrains:resharper_ultimate:2018.1.1
-
cpe:2.3:a:jetbrains:resharper_ultimate:2018.1.2
-
cpe:2.3:a:jetbrains:resharper_ultimate:2018.1.3
-
cpe:2.3:a:jetbrains:resharper_ultimate:2018.1.4