Jetbrains: Security Vulnerabilities
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible
CVSS Score
3.0
EPSS Score
0.0
Published
2022-04-28
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible
CVSS Score
6.9
EPSS Score
0.0
Published
2022-04-28
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-04-28
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
CVSS Score
3.3
EPSS Score
0.0
Published
2022-04-11
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
CVSS Score
4.6
EPSS Score
0.0
Published
2022-04-05
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI
CVSS Score
7.3
EPSS Score
0.0
Published
2022-04-05
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields
CVSS Score
8.4
EPSS Score
0.0
Published
2022-04-05
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
CVSS Score
5.7
EPSS Score
0.0
Published
2022-04-05
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-02-25
JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-02-25