Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Atlassian JIRA 远程安全绕过漏洞
Vulnerability Description
Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian JIRA 3.13.2之前版本存在代码注入漏洞,远程攻击者可以借助一个特制定并不断地转化为方法调用的URL,又称"WebWork 1参数注入缺口",以激活无掩护的大众JIRA方法路径。
CVSS Information
N/A
Vulnerability Type
N/A