CVE-2021-39115

HIGH Year: 2021
CVSS v3 Score
7.2
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-96
View all →

Vulnerability Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

Related Vulnerabilities

CVE-2024-13265

HIGH
CVSS:7.5(High)

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning...

CWE-962024

CVE-2024-13267

HIGH
CVSS:7.5(High)

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno T...

CWE-962024

CVE-2024-13268

MEDIUM
CVSS:6.8(Medium)

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7...

CWE-962024

CVE-2022-0895

HIGH
CVSS:7.7(High)

Static Code Injection in GitHub repository microweber/microweber prior to 1.3.

CWE-962022

CVE-2022-3960

MEDIUM
CVSS:6.3(Medium)

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboar...

CWE-962022

CVE-2024-32487

HIGH
CVSS:8.6(High)

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled fi...

CWE-962024