PT-2024-9030 · JetBrains · WebStorm
Published: 2024-11-13 · Updated: 2025-01-31
CVE-2024-52555
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
JetBrains WebStorm versions prior to 2024.3
Description:
The flaw is in WebStorm's Untrusted Project mode, where external untrusted data can be loaded alongside trusted data. This can enable an attacker to execute arbitrary code. The vulnerability can be exploited through the type definitions installer script while a project is open in Untrusted Project mode.
Recommendations:
Update versions prior to 2024.3 to version 2024.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the type definitions installer script in Untrusted Project mode until a patch is available.
Fix
Affected Products
WebStorm