Code Injection Vulnerability in JetBrains PhpStorm
CVE-2021-25764

5.3MEDIUM

Key Information:

Vendor: Jetbrains
Status: PHPstorm
Vendor: CVE Published:; 18 March 2021

What is CVE-2021-25764?

A vulnerability exists in JetBrains PhpStorm prior to version 2020.3, allowing attackers to insert sensitive source code into debug logs. This exposure can potentially lead to unauthorized access or disclosure of proprietary code. Developers using outdated versions of PhpStorm are advised to upgrade to secure their applications against potential exploitation.

References

https://blog.jetbrains.com

x_refsource_MISC

https://blog.jetbrains.com/blog/2021/02/03/jetbrains-secu...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2021
Vulnerability Reserved
Jan 21, 2021

Jetbrains

What is CVE-2021-25764?

References

CVSS V3.1

Timeline