
V1Dhun

#30528 of 53,633
8.6 Total CVSS
Vulnerabilities · 1
PT-2021-14454
8.6
2021-03-10
Tenable · Tenable For Jira Cloud · CVE-2021-21371
**Name of the Vulnerable Software and Affected Versions**

Tenable for Jira Cloud versions prior to 1.1.21

**Description**

The issue allows an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is possible due to the use of the `yaml.load()` method, which can execute arbitrary commands. The problem is fixed in version 1.1.21 by using `yaml.safe_load()` instead of `yaml.load()`.

**Recommendations**

For versions prior to 1.1.21, update to version 1.1.21 or later, which uses `yaml.safe_load()` instead of `yaml.load()` to prevent arbitrary code execution. As a temporary workaround, consider manually adjusting `yaml.load()` to `yaml.safe_load()` in the affected configuration files.
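The following is an added example, not code from Tenable for Jira Cloud: a PyYAML configuration loader built on `yaml.safe_load()`, plus an audit helper that lists Python-specific tags in a file without constructing any objects. The names `load_config` and `find_python_tags` and both sample configurations are constructed for illustration; `os.getcwd` is a harmless stand-in for the callable a crafted file would name.

```python
import yaml  # PyYAML

PY_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample inputs (not taken from the product).
BENIGN_CONFIG = """
jira:
  url: https://jira.example.invalid
  project: VULN
"""
TAGGED_CONFIG = """
jira:
  url: !!python/object/apply:os.getcwd []
"""

def load_config(text):
    """Parse a config with the safe loader; only plain YAML types are built."""
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        # SafeLoader has no constructor for python/* tags, so it raises here.
        raise ValueError(f"rejected config: {type(exc).__name__}") from exc
    if not isinstance(data, dict):
        raise ValueError("config root must be a mapping")
    return data

def find_python_tags(text):
    """Walk the composed node graph (no object construction) and collect python/* tags."""
    found, seen = [], set()
    stack = [yaml.compose(text, Loader=yaml.SafeLoader)]
    while stack:
        node = stack.pop()
        if node is None or id(node) in seen:
            continue  # empty document, or an alias already visited
        seen.add(id(node))
        if node.tag.startswith(PY_TAG_PREFIX):
            found.append(node.tag)
        if isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                stack.extend((key, value))
        elif isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
    return found

if __name__ == "__main__":
    print(load_config(BENIGN_CONFIG))
    print(find_python_tags(TAGGED_CONFIG))
```

Running `find_python_tags` over existing configuration files before and after upgrading shows whether any of them relied on, or were seeded with, Python-specific tags.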