Details
- Bug
- Resolution: Fixed
- High
- 5.5.2
- 7.8
Description
Nir Goldshlager has discovered a vulnerability in atlassian-gadgets when parsing XML.
Basically, anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it.
Details on the attack can be found at https://jira.atlassian.com/browse/JRA-38884
The vulnerability was detected in our fork of Apache Shindig, which atlassian-gadgets depends on. We have made a fix and published a new version of it (1.0-incubating-atlassian-20) that solves the problem.
Any product that uses atlassian-gadgets to render gadgets is vulnerable to this, and Confluence is one of them.
You would need to check your current version of atlassian-gadgets and see which version of Apache Shindig it is using. Anything lower than 1.0-incubating-atlassian-20 makes Confluence vulnerable to this attack.
The fix is quite easy: bump the version of Shindig in the version of gadgets that you are using, then release a new version of gadgets and bump the version in Confluence to pick up the fix.
If you need any details, ping me @jsanchez.
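The issue above describes untrusted XML, supplied through a URL parameter, exhausting the parser's memory. It does not say which XML construct is involved, so the following is an added, illustrative example (not Shindig's or atlassian-gadgets' own Java code) of the two generic limits a defender would put in front of any parser that accepts attacker-controlled XML: cap the input size, and refuse DOCTYPE, entity and external-entity declarations outright, since entity expansion is the usual route to memory exhaustion in XML parsers. It uses Python's standard-library expat bindings; the gadget-spec documents, the 64 KiB cap and the function names are constructed for this example.

```python
import xml.parsers.expat as expat

# Assumed size cap for a gadget spec fetched from an untrusted URL (constructed value).
MAX_GADGET_XML_BYTES = 64 * 1024


class UnsafeXmlError(ValueError):
    """Raised when the document uses constructs that can exhaust parser memory."""


def parse_untrusted_xml(data: bytes, max_bytes: int = MAX_GADGET_XML_BYTES) -> list:
    """Parse untrusted XML, rejecting oversized input and any DOCTYPE, entity
    or external-entity declaration before the parser can act on it.
    Returns the element names seen, in document order."""
    if len(data) > max_bytes:
        raise UnsafeXmlError(f"document exceeds {max_bytes} bytes")

    parser = expat.ParserCreate()
    seen = []

    # expat invokes these handlers as soon as the declaration is encountered;
    # raising here aborts the parse before any entity can be expanded.
    def reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE declaration not allowed: {doctype_name}")

    def reject_entity(entity_name, is_parameter_entity, value, base,
                      system_id, public_id, notation_name):
        raise UnsafeXmlError(f"entity declaration not allowed: {entity_name}")

    def reject_external(context, base, system_id, public_id):
        raise UnsafeXmlError("external entity reference not allowed")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external
    parser.StartElementHandler = lambda name, attrs: seen.append(name)

    # Malformed XML raises expat.ExpatError; callers decide how to report it.
    parser.Parse(data, True)
    return seen


def check_gadget_xml(data: bytes) -> str:
    """Classify a document as accepted, rejected (unsafe construct) or malformed."""
    try:
        elements = parse_untrusted_xml(data)
    except UnsafeXmlError as exc:
        return f"rejected: {exc}"
    except expat.ExpatError as exc:
        return f"malformed: {exc}"
    return f"accepted: {len(elements)} elements"


# Constructed sample inputs.
BENIGN_GADGET = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<Module><ModulePrefs title="Hello"/>'
    b'<Content type="html"><![CDATA[<p>hi</p>]]></Content></Module>'
)
# A single harmless entity declaration is enough to show the parser refuses
# internal DTD subsets, which is where expansion-based payloads would live.
GADGET_WITH_DTD = (
    b'<?xml version="1.0"?><!DOCTYPE Module [<!ENTITY a "aaa">]>'
    b'<Module><ModulePrefs title="&a;"/></Module>'
)

if __name__ == "__main__":
    print(check_gadget_xml(BENIGN_GADGET))
    print(check_gadget_xml(GADGET_WITH_DTD))
    print(check_gadget_xml(b"<Module>" + b"x" * MAX_GADGET_XML_BYTES + b"</Module>"))
```

The size cap runs before any parsing, so it also bounds the work done on documents that never reach a declaration; the handler-based rejection covers the cases a byte-count alone cannot, such as a small document whose declared entities expand to something enormous.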
Attachments
Issue Links
- is cloned from JRACLOUD-66278 Remote DoS Exploit on JIRA (Closed)