Description
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15.
Remediation
References
Related Vulnerabilities
WordPress Plugin MailCWP Arbitrary File Upload (1.100)
IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4691)
WordPress 4.2.x Possible SQL Injection Vulnerability (4.2 - 4.2.16)
WordPress Plugin InfiniteWP Client PHP Object Injection (1.6.0)
WordPress Plugin Image Gallery-Responsive Photo Gallery Cross-Site Scripting (1.5.1)