Description

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.

Remediation

References

CVE-2019-20897

Related Vulnerabilities

WordPress Plugin Advanced Advertising System PHP Object Injection (1.3.1)

WordPress Plugin WordPress Download Manager Multiple Security Bypass Vulnerabilities (2.6.92)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13447)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2022-0538)

Apache HTTP Server Session Fixation Vulnerability (CVE-2018-17199)

Severity

Medium

Classification

CVE-2019-20897 CWE-434

Tags

Missing Update Known Vulnerabilities