IntelliJ IDEA Security Vulnerabilities

CVE-2024-24941

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate...

CVE-2024-24940

In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking...

CVE-2023-51655

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project...

CVE-2023-39261

In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive...

CVE-2023-38069

In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain...

CVE-2022-48431

In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project”...

CVE-2022-48432

In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't...

CVE-2022-48430

In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown...

CVE-2022-48433

In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web...

CVE-2022-47895

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR...

CVE-2022-47896

In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI...

CVE-2022-46825

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open...

CVE-2022-46824

In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was...

CVE-2022-46827

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was...

CVE-2022-46826

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal...

CVE-2022-46828

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was...

CVE-2022-40978

The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order...

CVE-2022-37009

In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was...

CVE-2022-37010

In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was...

CVE-2022-29814

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was...

CVE-2022-29818

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were...

CVE-2022-29816

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was...

CVE-2022-29813

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was...

CVE-2022-29812

In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were...

CVE-2022-29817

In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was...

CVE-2022-29815

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was...

CVE-2022-29819

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was...

CVE-2022-28651

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected...

CVE-2017-8316

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both...