LOW✓ PATCH🇵🇱 Wersja polska

CVE-2024-54158

CVSS 3.5v3.1pub. 2024-12-04upd. 2025-01-30

In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
  • Jetbrains Youtrack

    APP
    Jetbrains
    < 2024.3.52635
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2022-24442CRITICAL9.8ten sam produkt

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker ...

CVE-2021-43185CRITICAL9.8ten sam produkt

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

CVE-2021-37549CRITICAL9.1ten sam produkt

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

CVE-2021-25770CRITICAL9.8ten sam produkt

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead...

CVE-2019-12852CRITICAL9.8ten sam produkt

An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack...