Description
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
Remediation
References
Related Vulnerabilities
Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-36231)
WordPress Plugin File Manager Unspecified Vulnerability (2.2.0)
WordPress Plugin wp-microblogs Cross-Site Scripting (0.4.0)
WordPress Plugin Premmerce Product Filter for WooCommerce Security Bypass (3.1.2)
ownCloud Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-35947)