CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52555
https://notcve.org/view.php?id=CVE-2024-52555
15 Nov 2024 — In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 9.3EPSS: 5%CPEs: 44EXPL: 2CVE-2024-37051
https://notcve.org/view.php?id=CVE-2024-37051
10 Jun 2024 — GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2... • https://github.com/LeadroyaL/CVE-2024-37051-EXP • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31897
https://notcve.org/view.php?id=CVE-2021-31897
11 May 2021 — In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects. En JetBrains WebStorm versiones anteriores a 2021.1, una ejecución de código sin la confirmación del usuario fue posible para proyectos que no eran confiable • https://blog.jetbrains.com •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31898
https://notcve.org/view.php?id=CVE-2021-31898
11 May 2021 — In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. En JetBrains WebStorm versiones anteriores a 2021.1, fueron usados peticiones HTTP en lugar de HTTPS • https://blog.jetbrains.com • CWE-319: Cleartext Transmission of Sensitive Information •