Confluence Data Center / CONFSERVER-30221

OGNL double evaluation in atlassian-xwork


      We have fixed a vulnerability in our version of XWork. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use this framework. The attacker needs to be able to access the Confluence web interface. A valid user account is not required to exploit this vulnerability.

      The vulnerability affects all versions of Confluence up to and including 5.1.4.

      No other Atlassian products are affected.

      For more information on this issue, including full instructions on patches and workarounds, please see the security advisory here.

      Our thanks to Reginaldo Silva who reported this vulnerability.

        1. xwork-1.0.3.6.jar
          152 kB
          VitalyA

              Unassigned Unassigned
              vosipov VitalyA