Intellij Idea
by Jetbrains
CVEs (62)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48432 | 0.00 | — | 0.00 | Mar 29, 2023 | In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed. | |||
| CVE-2022-48431 | 0.00 | — | 0.00 | Mar 29, 2023 | In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation. | |||
| CVE-2022-48430 | 0.00 | — | 0.00 | Mar 29, 2023 | In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. | |||
| CVE-2022-47896 | 0.00 | — | 0.00 | Dec 22, 2022 | In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. | |||
| CVE-2022-47895 | 0.00 | — | 0.00 | Dec 22, 2022 | In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. | |||
| CVE-2022-46828 | 0.00 | — | 0.00 | Dec 8, 2022 | In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | |||
| CVE-2022-46827 | 0.00 | — | 0.00 | Dec 8, 2022 | In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | |||
| CVE-2022-46826 | 0.00 | — | 0.00 | Dec 8, 2022 | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. | |||
| CVE-2022-46825 | 0.00 | — | 0.00 | Dec 8, 2022 | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. | |||
| CVE-2022-46824 | 0.00 | — | 0.00 | Dec 8, 2022 | In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. | |||
| CVE-2022-40978 | 0.00 | — | 0.00 | Sep 19, 2022 | The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking | |||
| CVE-2022-37010 | 0.00 | — | 0.00 | Jul 28, 2022 | In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed | |||
| CVE-2022-37009 | 0.00 | — | 0.00 | Jul 28, 2022 | In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible | |||
| CVE-2022-29819 | 0.00 | — | 0.00 | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | |||
| CVE-2022-29818 | 0.00 | — | 0.00 | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed | |||
| CVE-2022-29817 | 0.00 | — | 0.00 | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | |||
| CVE-2022-29816 | 0.00 | — | 0.00 | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible | |||
| CVE-2022-29815 | 0.00 | — | 0.00 | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | |||
| CVE-2022-29814 | 0.00 | — | 0.00 | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | |||
| CVE-2022-29813 | 0.00 | — | 0.00 | Apr 28, 2022 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible |
- CVE-2022-48432Mar 29, 2023risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
- CVE-2022-48431Mar 29, 2023risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
- CVE-2022-48430Mar 29, 2023risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
- CVE-2022-47896Dec 22, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.
- CVE-2022-47895Dec 22, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
- CVE-2022-46828Dec 8, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
- CVE-2022-46827Dec 8, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
- CVE-2022-46826Dec 8, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
- CVE-2022-46825Dec 8, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
- CVE-2022-46824Dec 8, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
- CVE-2022-40978Sep 19, 2022risk 0.00cvss —epss 0.00
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking
- CVE-2022-37010Jul 28, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed
- CVE-2022-37009Jul 28, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible
- CVE-2022-29819Apr 28, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible
- CVE-2022-29818Apr 28, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
- CVE-2022-29817Apr 28, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
- CVE-2022-29816Apr 28, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
- CVE-2022-29815Apr 28, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible
- CVE-2022-29814Apr 28, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible
- CVE-2022-29813Apr 28, 2022risk 0.00cvss —epss 0.00
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
Page 2 of 4