Vulnerabilities > CVE-2018-14878 - Deserialization of Untrusted Data vulnerability in Jetbrains Dotpeek and Resharper Ultimate

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

jetbrains

CWE-502

NVD

Published: 2018-08-13

Updated: 2018-10-12

Summary

JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

Vulnerable Configurations

Part	Description	Count
Application	Jetbrains Jetbrains Dotpeek 10.0 Jetbrains Dotpeek 2016.2 Jetbrains Dotpeek 2016.2.1 Jetbrains Dotpeek 2016.2.2 Jetbrains Dotpeek 2016.3 Jetbrains Dotpeek 2016.3.1 Jetbrains Dotpeek 2016.3.2 Jetbrains Dotpeek 2017.1 Jetbrains Dotpeek 2017.1.1 Jetbrains Dotpeek 2017.1.2 Jetbrains Dotpeek 2017.1.3 Jetbrains Dotpeek 2017.2 Jetbrains Dotpeek 2017.2.1 Jetbrains Dotpeek 2017.2.2 Jetbrains Dotpeek 2017.3 Jetbrains Dotpeek 2017.3.1 Jetbrains Dotpeek 2017.3.2 Jetbrains Dotpeek 2017.3.3 Jetbrains Dotpeek 2017.3.4 Jetbrains Dotpeek 2017.3.5 Jetbrains Dotpeek 2018.1 Jetbrains Dotpeek 2018.1.1 Jetbrains Dotpeek 2018.1.2 Jetbrains Dotpeek 2018.1.3 Jetbrains Dotpeek 2018.1.4 Jetbrains Resharper Ultimate 2016.1 Jetbrains Resharper Ultimate 2016.1.1 Jetbrains Resharper Ultimate 2016.1.2 Jetbrains Resharper Ultimate 2016.2 Jetbrains Resharper Ultimate 2016.2.1 Jetbrains Resharper Ultimate 2016.2.2 Jetbrains Resharper Ultimate 2016.2.3 Jetbrains Resharper Ultimate 2016.3 Jetbrains Resharper Ultimate 2016.3.1 Jetbrains Resharper Ultimate 2016.3.2 Jetbrains Resharper Ultimate 2017.1 Jetbrains Resharper Ultimate 2017.1.1 Jetbrains Resharper Ultimate 2017.1.2 Jetbrains Resharper Ultimate 2017.1.3 Jetbrains Resharper Ultimate 2017.2 Jetbrains Resharper Ultimate 2017.2.1 Jetbrains Resharper Ultimate 2017.2.2 Jetbrains Resharper Ultimate 2017.3 Jetbrains Resharper Ultimate 2017.3.1 Jetbrains Resharper Ultimate 2017.3.2 Jetbrains Resharper Ultimate 2017.3.3 Jetbrains Resharper Ultimate 2017.3.5 Jetbrains Resharper Ultimate 2018.1 Jetbrains Resharper Ultimate 2018.1.1 Jetbrains Resharper Ultimate 2018.1.2 Jetbrains Resharper Ultimate 2018.1.3 Jetbrains Resharper Ultimate 2018.1.4	52

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References