Description
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Remediation
References