Code Execution Vulnerability in JetBrains WebStorm
CVE-2021-31897

9.8CRITICAL

Key Information:

Vendor: Jetbrains
Status: Webstorm
Vendor: CVE Published:; 11 May 2021

Summary

A security vulnerability exists in JetBrains WebStorm that permits unauthorized code execution for untrusted projects. This flaw affects all versions prior to 2021.1, allowing potentially harmful scripts to run without any user confirmation. Users may inadvertently expose themselves to various security risks if they work with compromised projects, highlighting the need for immediate attention to ensure their development environment is secure.

References

https://blog.jetbrains.com

x_refsource_MISC

https://blog.jetbrains.com/blog/2021/05/07/jetbrains-secu...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2021
Vulnerability Reserved
Apr 29, 2021