Vulnerabilities > CVE-2018-14878 - Deserialization of Untrusted Data vulnerability in Jetbrains Dotpeek and Resharper Ultimate

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

jetbrains

CWE-502

NVD

Published: 2018-08-13

Updated: 2018-10-12

Summary

JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

Vulnerable Configurations

Part	Description	Count
Application	Jetbrains Jetbrains Dotpeek 10.0 Jetbrains Dotpeek 2016.2 Jetbrains Dotpeek 2016.2.1 Jetbrains Dotpeek 2016.2.2 Jetbrains Dotpeek 2016.3 Jetbrains Dotpeek 2016.3.1 Jetbrains Dotpeek 2016.3.2 Jetbrains Dotpeek 2017.1 Jetbrains Dotpeek 2017.1.1 Jetbrains Dotpeek 2017.1.2 Jetbrains Dotpeek 2017.1.3 Jetbrains Dotpeek 2017.2 Jetbrains Dotpeek 2017.2.1 Jetbrains Dotpeek 2017.2.2 Jetbrains Dotpeek 2017.3 Jetbrains Dotpeek 2017.3.1 Jetbrains Dotpeek 2017.3.2 Jetbrains Dotpeek 2017.3.3 Jetbrains Dotpeek 2017.3.4 Jetbrains Dotpeek 2017.3.5 Jetbrains Dotpeek 2018.1 Jetbrains Dotpeek 2018.1.1 Jetbrains Dotpeek 2018.1.2 Jetbrains Dotpeek 2018.1.3 Jetbrains Dotpeek 2018.1.4 Jetbrains Resharper Ultimate 2016.1 Jetbrains Resharper Ultimate 2016.1.1 Jetbrains Resharper Ultimate 2016.1.2 Jetbrains Resharper Ultimate 2016.2 Jetbrains Resharper Ultimate 2016.2.1 Jetbrains Resharper Ultimate 2016.2.2 Jetbrains Resharper Ultimate 2016.2.3 Jetbrains Resharper Ultimate 2016.3 Jetbrains Resharper Ultimate 2016.3.1 Jetbrains Resharper Ultimate 2016.3.2 Jetbrains Resharper Ultimate 2017.1 Jetbrains Resharper Ultimate 2017.1.1 Jetbrains Resharper Ultimate 2017.1.2 Jetbrains Resharper Ultimate 2017.1.3 Jetbrains Resharper Ultimate 2017.2 Jetbrains Resharper Ultimate 2017.2.1 Jetbrains Resharper Ultimate 2017.2.2 Jetbrains Resharper Ultimate 2017.3 Jetbrains Resharper Ultimate 2017.3.1 Jetbrains Resharper Ultimate 2017.3.2 Jetbrains Resharper Ultimate 2017.3.3 Jetbrains Resharper Ultimate 2017.3.5 Jetbrains Resharper Ultimate 2018.1 Jetbrains Resharper Ultimate 2018.1.1 Jetbrains Resharper Ultimate 2018.1.2 Jetbrains Resharper Ultimate 2018.1.3 Jetbrains Resharper Ultimate 2018.1.4	52

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References