Vulnerabilities > Jetbrains > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-11 | CVE-2021-31915 | OS Command Injection vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. | 7.5 |
2021-05-11 | CVE-2021-31909 | Argument Injection or Modification vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. | 7.5 |
2021-02-03 | CVE-2021-25770 | Code Injection vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution. | 7.5 |
2020-10-19 | CVE-2020-15822 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped. | 7.5 |
2020-08-08 | CVE-2020-15824 | Improper Privilege Management vulnerability in multiple products In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. | 8.8 |
2020-04-22 | CVE-2020-11796 | Improper Authentication vulnerability in Jetbrains Space 20200422 In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. | 7.5 |
2020-04-22 | CVE-2020-11690 | Unspecified vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. | 7.5 |
2019-10-31 | CVE-2019-18368 | Unspecified vulnerability in Jetbrains Toolbox In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. | 7.5 |
2019-10-31 | CVE-2019-18364 | Deserialization of Untrusted Data vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. | 7.5 |
2019-10-02 | CVE-2019-12736 | Command Injection vulnerability in Jetbrains Ktor JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. | 7.5 |