JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dotpeek | Jetbrains | * | 2018.2 (excluding) |
Resharper_ultimate | Jetbrains | * | 2018.1.4 (including) |