CVE-2024-54158
04.12.2024, 12:15
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encodingEnginsight
| Vendor | Product | Version |
|---|---|---|
| jetbrains | youtrack | 𝑥 < 2024.3.52635 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-173 - Improper Handling of Alternate EncodingThe software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.
- CWE-290 - Authentication Bypass by SpoofingThis attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.