Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2021-26084 - Vulnerability Database
Atlassian Confluence

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2021-26084

Critical
Reference: CVE-2021-26084
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-26084
Title: Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

In affected versions of Confluence Server and Data Center an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23 from version 6.14.0 before 7.4.11 from version 7.5.0 before 7.11.6 and from version 7.12.0 before 7.12.5.