Vulnerabilities > Jetbrains > Intellij Idea

DATE CVE VULNERABILITY TITLE RISK
2022-12-08 CVE-2022-46827 XXE vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
local
low complexity
jetbrains CWE-611
5.5
5.5
2022-12-08 CVE-2022-46828 Unrestricted Upload of File with Dangerous Type vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
local
low complexity
jetbrains CWE-434
7.8
7.8
2022-04-28 CVE-2022-29812 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
local
low complexity
jetbrains
2.1
2.1
2022-04-28 CVE-2022-29813 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
local
low complexity
jetbrains CWE-94
4.6
4.6
2022-04-28 CVE-2022-29814 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible 		4.4
4.4
2022-04-28 CVE-2022-29815 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible
local
low complexity
jetbrains CWE-94
4.6
4.6
2022-04-28 CVE-2022-29816 Cross-site Scripting vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
local
low complexity
jetbrains CWE-79
3.2
3.2
2022-04-28 CVE-2022-29817 Cross-site Scripting vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
network
jetbrains CWE-79
4.3
4.3
2022-04-28 CVE-2022-29818 Origin Validation Error vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
local
low complexity
jetbrains CWE-346
3.6
3.6
2022-04-28 CVE-2022-29819 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible 		4.4
4.4