A vulnerability has been found in PyCharm Community and Professional, potentially resulting in arbitrary code execution.
Package | dev-util/pycharm-community on all architectures |
---|---|
Affected versions | < 2021.1.2 |
Unaffected versions | >= 2021.1.2 |
Package | dev-util/pycharm-professional on all architectures |
---|---|
Affected versions | < 2021.1.2 |
Unaffected versions | >= 2021.1.2 |
PyCharm is the Python IDE for professional developers.
Insufficient validation exists within PyCharm’s checks for fetching projects from VCS.
If a victim can be enticed into fetching a VCS project via PyCharm, a remote attacker could achieve remote code execution.
There is no known workaround at this time.
All PyCharm Community users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/pycharm-community-2021.1.2"
All PyCharm Professional users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/pycharm-professional-2021.1.2"
Release date
July 20, 2021
Latest revision
July 20, 2021: 1
Severity
normal
Exploitable
remote
Bugzilla entries