=====================================================================

                               CERT-Renater

                    Note d'Information No. 2022/VULN487

_____________________________________________________________________

DATE                : 22/12/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running IntelliJ IDEA versions prior
                                  to 2022.3.1.

=====================================================================
https://www.jetbrains.com/privacy-security/issues-fixed/
_____________________________________________________________________


Product	Description	Severity	Resolved In	CWE	CVE

IntelliJ IDEA	The "Validate JSP File" action used the HTTP protocol to
download required JAR files (IDEA-305732)	Medium	2022.3.1	
CWE-319	CVE-2022-47895

IntelliJ IDEA	Code Templates were vulnerable to SSTI attacks 
(IDEA-306345)	Medium	2022.3.1	CWE-1336	CVE-2022-47896


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================