Pycharm
CVE-2019-14958
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation.
AnalysisAI
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation. Affected products include: Jetbrains Pycharm. Version information: before 2019.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set resource limits, implement rate limiting, validate input sizes.
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. Rated high se
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible [CVSS 8.2 HIGH]
In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible. Rated hig
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ
Stored XSS in JetBrains PyCharm's Jupyter notebook Markdown cell renderer allows a remote, unauthenticated attacker to e
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible. Rated low severit
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today