Skip to main content

Intellij Idea CVE-2021-30006

HIGH
Improper Restriction of XML External Entity Reference (CWE-611)
2021-05-11 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 11, 2021 - 12:15 nvd
HIGH 7.5

DescriptionNVD

In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.

AnalysisAI

In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure. Affected products include: Jetbrains Intellij Idea. Version information: before 2020.3.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Disable external entity processing in XML parsers, use JSON instead of XML where possible.

CVE-2026-59792 CRITICAL
9.8 Jul 10

Code execution via path traversal in JetBrains IntelliJ IDEA before 2026.1.4 and 2026.2 lets an attacker abuse improper

CVE-2023-51655 CRITICAL
9.8 Dec 21

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin

CVE-2020-11690 CRITICAL
9.8 Apr 22

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. Rated

CVE-2019-9873 CRITICAL
9.8 Jul 03

In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartex

CVE-2019-9823 CRITICAL
9.8 Jul 03

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to s

CVE-2019-9186 CRITICAL
9.8 Jul 03

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote att

CVE-2019-10104 CRITICAL
9.8 Jul 03

In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin,

CVE-2019-9872 HIGH
8.1 Jul 03

In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads

CVE-2026-49367 HIGH
8.0 May 29

Command execution in JetBrains IntelliJ IDEA versions prior to 2026.1.1 allows attackers leveraging the guest user accou

CVE-2026-49366 HIGH
7.8 May 29

Command injection in JetBrains IntelliJ IDEA before 2026.1.1 allows attackers to execute arbitrary OS commands by abusin

CVE-2023-39261 HIGH
7.8 Jul 26

In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions. Rated high severity (CVS

CVE-2022-47896 HIGH
7.8 Dec 22

In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. Rated high severity (CVSS 7.8

Share

CVE-2021-30006 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy