CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7905
https://notcve.org/view.php?id=CVE-2020-7905
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. Los puertos escuchados por JetBrains IntelliJ IDEA versiones anteriores a 2019.3, estuvieron expuestos en la red. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7904
https://notcve.org/view.php?id=CVE-2020-7904
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. En JetBrains IntelliJ IDEA versiones anteriores a 2019.3, algunos repositorios Maven eran accedidos por medio de HTTP en lugar de HTTPS. • https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5207 – Request smuggling is possible in Ktor when both chunked TE and content length specified
https://notcve.org/view.php?id=CVE-2020-5207
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator. En Ktor versiones anteriores a 1.3.0, el tráfico no autorizado de peticiones es posible cuando se ejecuta detrás de un proxy que no maneja Content-Length y Transfer-Encoding apropiadamente o no maneja \n como un separador de encabezados. • https://github.com/ktorio/ktor/pull/1547 https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18412
https://notcve.org/view.php?id=CVE-2019-18412
JetBrains IDETalk plugin before version 193.4099.10 allows XXE El plugin JetBrains IDETalk en versiones anteriores a la 193.4099.10 permite XXE. • https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2019-19389
https://notcve.org/view.php?id=CVE-2019-19389
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. El framework JetBrains Ktor versiones anteriores a 1.2.6, era vulnerable a la División de Respuesta HTTP. • https://gist.github.com/JLLeitschuh/6792947ed57d589b08c1cc8b666c7737 https://github.com/ktorio/ktor/pull/1408 https://twitter.com/JLLeitschuh/status/1210256191110230017?s=20 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •