Acceptance of Extraneous Untrusted Data With Trusted Data
CVE-2024-52555
Summary
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
- HIGH
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- NONE
CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
References
Advisory Timeline
- Published
