Page 3 of 49 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. En JetBrains IntelliJ IDEA antes de 2022.3 era posible una inyección DYLIB en macOS. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-691: Insufficient Control Flow Management •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. En JetBrains IntelliJ IDEA antes de 2022.3, era posible un ataque XXE que conducía a SSRF a través de solicitudes a repositorios de complementos personalizados. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference •