Description
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
Remediation
References
Related Vulnerabilities
Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.18)
Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38473)
WordPress Plugin Seo Optimized Images Malicious Code (2.1.2)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29212)
Oracle HTTP Server Inadequate Encryption Strength Vulnerability (CVE-2013-2566)