Security Vulnerabilities fixed in IntelliJ IDEA 221.5080.210
Description
JetBrains IntelliJ IDEA before 2022.1 contained multiple vulnerabilities: Notification mechanisms about using Unicode directionality formatting characters were insufficient. Local code execution via custom Pandoc path, HTML descriptions in custom JSON schemas, workspace settings, and links in Quick Documentation. HTML injection into IDE messages, reflected XSS via error messages in internal web server, and origin checks in the internal web server were flawed.
Affected Applications
IntelliJ IDEA