CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29932
https://notcve.org/view.php?id=CVE-2025-29932
25 Mar 2025 — In JetBrains GoLand before 2025.1 an XXE during debugging was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.3EPSS: 1%CPEs: 44EXPL: 2CVE-2024-37051
https://notcve.org/view.php?id=CVE-2024-37051
10 Jun 2024 — GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2... • https://github.com/LeadroyaL/CVE-2024-37051-EXP • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11685
https://notcve.org/view.php?id=CVE-2020-11685
22 Apr 2020 — In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. En JetBrains GoLand versiones anteriores a la versión 2019.3.2, el repositorio del plugin era accedido por medio de HTTP en lugar de HTTPS. • https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020 • CWE-319: Cleartext Transmission of Sensitive Information •