Atlassian Jira Deserialization of Untrusted Data Vulnerability - CVE-2017-5983 - Vulnerability Database

Critical
Reference: CVE-2017-5983
Title: Atlassian Jira Deserialization of Untrusted Data Vulnerability
Overview:

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.