CVE-2018-15122
HIGHProgress Telerik <2018.1.323.2-2018.2.605.0 - Code Injection
Title source: llmDescription
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://docs.telerik.com/devtools/justdecompile/knowledge-base/jd-ja-resources-vulnerability
Vendor Advisory x_refsource_confirm
https://www.telerik.com/support/whats-new/justdecompile/release-history/justdecompile-r2-2018-sp1
Scores
CVSS v3
7.8
EPSS
0.0119
EPSS Percentile
64.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
telerik/justassembly
2018.1.323.2
telerik/justdecompile
2018.2.605.0
Published
Aug 16, 2018
Tracked Since
Feb 18, 2026