Vulnerability Details CVE-2018-15122
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://docs.telerik.com/devtools/justdecompile/knowledge-base/jd-ja-resources-vulnerability
- https://www.telerik.com/support/whats-new/justdecompile/release-history/justdecompile-r2-2018-sp1
- https://docs.telerik.com/devtools/justdecompile/knowledge-base/jd-ja-resources-vulnerability
- https://www.telerik.com/support/whats-new/justdecompile/release-history/justdecompile-r2-2018-sp1
Products affected by CVE-2018-15122
-
cpe:2.3:a:telerik:justassembly:2018.1.323.2
-
cpe:2.3:a:telerik:justassembly:2018.2.806.1
-
cpe:2.3:a:telerik:justdecompile:2018.2.803.0