PT-2024-6311 · Jetbrains · Jetbrains Intellij Idea
Published: 2024-09-16 · Updated: 2024-09-20
CVE-2024-46970
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
JetBrains IntelliJ IDEA versions prior to 2024.1
Description
The integrated development environment does not protect web page structure, which allows HTML injection via the project name. An attacker could use this to carry out cross-site scripting attacks, potentially leading to malicious script injection.
Recommendations
For versions prior to 2024.1, upgrade the affected component to the latest version to patch the issue. As a temporary workaround, consider restricting the use of project names to minimize the risk of exploitation.
Fix
XSS
Affected Products
Jetbrains Intellij Idea