Eclipse · Eclipse Birt · CVE-2021-34427
**Name of the Vulnerable Software and Affected Versions**
Eclipse BIRT versions 4.8.0 and earlier
**Description**
An attacker can use query parameters to create a JavaServer Pages (JSP) file accessible remotely, allowing for the injection of JSP code into the running instance. This could lead to remote code execution.
**Recommendations**
Versions prior to 4.8.0 should be updated.