Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature.

The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.

*Affected versions:*

• version < 8.13.12
• 8.14.0 ≤ version < 8.19.1

*Fixed versions:*

• 8.13.12
• 8.19.1
• 8.20.0
• 8.21.0