Deserialization of untrusted data

2018-08-1317:29:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.9%

JSON

JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

CPENameOperatorVersion
dotpeeklt2018.2
resharper_ultimatele2018.1.4

CPE	Name	Operator	Version
	dotpeek	lt	2018.2
	resharper_ultimate	le	2018.1.4

References

blog.jetbrains.com/dotnet/2018/08/02/resharper-ultimate-2018-1-4-rider-2018-1-4-released/

www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/aspnet-resource-files-resx-and-deserialisation-issues/