All IDEs based on JetBrains' IntelliJ IDEA are affected
Google has emailed Android developers advising them to update Android Studio, the official Android IDE, to fix security bugs.
A cross-site request forgery CSRF flaw means that if the IDE is running and the developer visits a malicious web page in any browser, scripts on the malicious web page could access the local file system.
This allows attackers to get access to data saved by the IDE or open a project without permission.
Users of other JetBrains IDEs will also find updates available for download.
Some developers asked if it could be disabled completely.
"The internal server is not exclusively used for web application development but also serves for other functionality such as the Internal Git SSH support, Http Authorization, Serving Documentation from JAR s as well as providing a REST API endpoint," explains JetBrains developer advocate Hadi Hariri.