Description

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.

Remediation

References

CVE-2019-20409

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-10094)

MySQL CVE-2013-1521 Vulnerability (CVE-2013-1521)

WordPress Plugin Slideshow Multiple Cross-Site Scripting Vulnerabilities (2.1.14)

WordPress 6.1.x Shortcode Execution (6.1 - 6.1.2)

LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4927)

Severity

Critical

Classification

CVE-2019-20409 CWE-138

Tags

Missing Update Known Vulnerabilities