Lucene search

[email protected]NVD:CVE-2022-47896

HistoryDec 22, 2022 - 11:15 a.m.

CVE-2022-47896

2022-12-2211:15:09

CWE-1336

CWE-94

[email protected]

web.nvd.nist.gov

jetbrains

ssti attack

code templates

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.9%

JSON

In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.

Affected configurations

Nvd

Node

jetbrainsintellij_ideaRange<2022.3.1

VendorProductVersionCPE
jetbrainsintellij_idea*cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jetbrains	intellij_idea	*	cpe:2.3:a:jetbrains:intellij_idea::::::::

References

www.jetbrains.com/privacy-security/issues-fixed/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.9%

JSON

Related for NVD:CVE-2022-47896

prion1 cve1 cvelist1