Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2019-20409 - Vulnerability Database
Atlassian Jira

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2019-20409

Critical
Reference: CVE-2019-20409
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-20409
Title: Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.