CVE-2021-39128

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server or Data Center versions prior to 8.13.12 Atlassian Jira Server or Data Center versions 8.14.0 through 8.19.0

Description The issue allows remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature.

Recommendations For versions prior to 8.13.12, update to version 8.13.12 or later. For versions 8.14.0 through 8.19.0, update to version 8.19.1 or later. As a temporary workaround, consider restricting access to the Email Template feature until a patch is available.