Jetbrains: >> Intellij Idea Security Vulnerabilities
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
CVSS Score
3.3
EPSS Score
0.0
Published
2023-07-12
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
CVSS Score
5.2
EPSS Score
0.0
Published
2023-03-29
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-03-29
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-03-29
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
CVSS Score
4.5
EPSS Score
0.0
Published
2023-03-29
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
CVSS Score
4.7
EPSS Score
0.0
Published
2022-12-22
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.
CVSS Score
5.0
EPSS Score
0.0
Published
2022-12-22
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
CVSS Score
6.2
EPSS Score
0.0
Published
2022-12-08
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
CVSS Score
3.9
EPSS Score
0.0
Published
2022-12-08
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
CVSS Score
5.2
EPSS Score
0.0
Published
2022-12-08