CVE-2024-52555

EPSS 0%
Published 15.11.2024 16:15:38
Last modified 31.01.2025 14:37:51
Source cve@jetbrains.com
Teams watchlist Login
Open Login

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

JetBrains ≫ WebStorm Version < 2024.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0%	0

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cve@jetbrains.com	6.3	1	5.2	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

https://www.jetbrains.com/privacy-security/issues-fixed/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-52555

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-52555

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-52555

EUVD