Vulnerabilities > Jetbrains > Youtrack > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-24442 Code Injection vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
network
low complexity
jetbrains CWE-94
critical
9.8
2021-11-09 CVE-2021-43185 Injection vulnerability in Jetbrains Youtrack
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
network
low complexity
jetbrains CWE-74
critical
9.8
2021-08-06 CVE-2021-37549 Unspecified vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.
network
low complexity
jetbrains
critical
9.1
2021-02-03 CVE-2021-25770 Code Injection vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
network
low complexity
jetbrains CWE-94
critical
9.8
2019-07-03 CVE-2019-12852 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack
An SSRF attack was possible on a JetBrains YouTrack server.
network
low complexity
jetbrains CWE-918
critical
9.8
2019-07-03 CVE-2019-12850 SQL Injection vulnerability in Jetbrains Youtrack
A query injection was possible in JetBrains YouTrack.
network
low complexity
jetbrains CWE-89
critical
9.8
2019-07-03 CVE-2019-12866 Authorization Bypass Through User-Controlled Key vulnerability in Jetbrains Youtrack
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack.
network
low complexity
jetbrains CWE-639
critical
9.8
2019-07-03 CVE-2019-12867 Unspecified vulnerability in Jetbrains Youtrack
Certain actions could cause privilege escalation for issue attachments in JetBrains YouTrack.
network
low complexity
jetbrains
critical
9.8