CVE-2018-14878

HIGH

JetBrains dotPeek <2018.2 - Code Injection

Title source: llm

Description

JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

References (2)

[Patch, Vendor Advisory] https://blog.jetbrains.com/dotnet/2018/08/02/resharper-ultimate-2018-1-4-rider-2018-1-4-released/

[Third Party Advisory] https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/

Scores

CVSS v3 7.8

EPSS 0.0000

EPSS Percentile 0.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (2)

jetbrains/dotpeek < 2018.2

jetbrains/resharper_ultimate < 2018.1.4

Timeline

Published Aug 13, 2018

Tracked Since Feb 18, 2026