CVE-2022-47896
22.12.2022, 11:15
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.
Vendor | Product | Version |
---|---|---|
jetbrains | intellij_idea | 𝑥 < 2022.3.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template EngineThe product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
- CWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.