Description
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Related Vulnerabilities
Jenkins Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-2612)
Jetty Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-28163)
IBM RTC Improper Privilege Management Vulnerability (CVE-2021-29774)
WordPress Plugin FV Flowplayer Video Player URL Cross-Site Scripting (1.2.11)