JetBrains WebStorm Untrusted Project Mode Code Execution Vulnerability
CVE-2024-52555 Published on November 15, 2024

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script

NVD

Vulnerability Analysis

CVE-2024-52555 can be exploited with local system access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

Acceptance of Extraneous Untrusted Data With Trusted Data

The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.


Products Associated with CVE-2024-52555

Want to know whenever a new CVE is published for JetBrains Webstorm? stack.watch will email you.

JetBrains Webstorm
 

Affected Versions

JetBrains WebStorm: jetbrains webstorm:

Exploit Probability

EPSS
0.00%
Percentile
0.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.