Description

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.

Remediation

References

CVE-2019-20897

Related Vulnerabilities

WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.5)

Oracle Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2004-1367)

WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.1.42)

WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Scripting (1.8.1)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-26032)

Severity

Medium

Classification

CVE-2019-20897 CWE-434

Tags

Missing Update Known Vulnerabilities