Code Template Vulnerability in JetBrains IntelliJ IDEA by JetBrains
CVE-2022-47896
7.8HIGH
Summary
In JetBrains IntelliJ IDEA versions before 2022.3.1, code templates were susceptible to server-side template injection (SSTI) attacks. This vulnerability allows attackers to execute arbitrary code through specially crafted inputs, posing significant risks to the integrity and confidentiality of user data. It is crucial for users to upgrade to the latest version to mitigate these risks and enhance overall cybersecurity.
Affected Version(s)
IntelliJ IDEA 0 < 2022.3.1
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved