  1. Confluence Data Center
  2. CONFSERVER-30221

OGNL double evaluation in atlassian-xwork


      We have fixed a vulnerability in our version of Xwork. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Confluence web interface. A valid user account is not required to exploit this vulnerability.

      The vulnerability affects all versions of Confluence up to and including 5.1.4.

      No other Atlassian products are affected.

      For more information on this issue, including full instructions on patches and workarounds, please see the security advisory here.

      Our thanks to Reginaldo Silva who reported this vulnerability.

            vosipov VitalyA