CVE-2022-37009
https://notcve.org/view.php?id=CVE-2022-37009
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible En JetBrains IntelliJ IDEA versiones anteriores a 2022.2, era posible una ejecución de código local por medio de un ejecutable Vagrant • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-29819
https://notcve.org/view.php?id=CVE-2022-29819
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible En JetBrains IntelliJ IDEA versiones anteriores a 2022.1, era posible una ejecución de código local por medio de enlaces en Quick Documentation • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-29818
https://notcve.org/view.php?id=CVE-2022-29818
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed En JetBrains IntelliJ IDEA versiones anteriores a 2022.1, las comprobaciones de origen en el servidor web interno eran defectuosas • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-346: Origin Validation Error •
CVE-2022-29817
https://notcve.org/view.php?id=CVE-2022-29817
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible En JetBrains IntelliJ IDEA versiones anteriores a 2022.1, era posible un ataque de tipo XSS reflejado por medio de mensajes de error en el servidor web interno • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-29816
https://notcve.org/view.php?id=CVE-2022-29816
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible En JetBrains IntelliJ IDEA versiones anteriores a 2022.1, era posible una inyección de HTML en los mensajes del IDE • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •