Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Resource Deserialization Security Vulnerability #1196
Affected Versions: ILSpy 1.x, 2.x, 3.0.x, 3.1.x
ILSpy was deserializing arbitrary objects within ".resources" embedded resources.
If you are using ICSharpCode.Decompiler, you are only affected by this vulnerability if you are using the WholeProjectDecompiler class.
Warning: the fix only avoids deserializing such resources in ILSpy.
The fix is in commit c17c3c7.