PT-2021-4639
Vendors: Atlassian and 8 others · Products: Jira and 11 others
Researchers: Nicholas Boucher and 1 other
Published: 2021-11-01 · Updated: 2024-08-04
CVE-2021-42574
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Unicode Specification versions prior to 14.0
Jira Service Management (affected versions not specified)
Jira Software (affected versions not specified)
Jira Work Management (affected versions not specified)
Description
The issue lies in the Bidirectional Algorithm of the Unicode Specification, which can be abused to introduce targeted vulnerabilities that are invisible to human reviewers. Bidirectional control characters are placed in source code so that the text an editor or code review tool renders differs from the logical order of tokens that compilers and interpreters actually ingest. The Unicode Consortium has documented this class of vulnerability and provides guidance on mitigations. Any application that implements the Unicode Standard and the Unicode Bidirectional Algorithm can be affected. The technique is also known as the Trojan Source attack: an adversary encodes source code for a compiler that accepts Unicode in a way that introduces vulnerabilities not visible to human reviewers.
Recommendations
For Unicode Specification versions prior to 14.0: Consider implementing the guidance on mitigations provided by the Unicode Consortium in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax.
For Jira Service Management, Jira Software, and Jira Work Management: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
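The core of the UTS #39 mitigation referenced above is to detect and reject bidirectional control characters before source reaches review or a compiler. The following is an added example, not code from the advisory, the Unicode Consortium or Atlassian: a small Python scanner that reports every such character by line and column and exits non-zero so a CI step can fail the build. The C snippet it scans is constructed for illustration.

```python
import sys

# Characters with the Unicode Bidi_Control property; UTS #39 recommends
# rejecting or flagging these in source code and identifiers.
BIDI_CONTROLS = {
    "\u061c": "ALM",  # ARABIC LETTER MARK
    "\u200e": "LRM",  # LEFT-TO-RIGHT MARK
    "\u200f": "RLM",  # RIGHT-TO-LEFT MARK
    "\u202a": "LRE",  # LEFT-TO-RIGHT EMBEDDING
    "\u202b": "RLE",  # RIGHT-TO-LEFT EMBEDDING
    "\u202c": "PDF",  # POP DIRECTIONAL FORMATTING
    "\u202d": "LRO",  # LEFT-TO-RIGHT OVERRIDE
    "\u202e": "RLO",  # RIGHT-TO-LEFT OVERRIDE
    "\u2066": "LRI",  # LEFT-TO-RIGHT ISOLATE
    "\u2067": "RLI",  # RIGHT-TO-LEFT ISOLATE
    "\u2068": "FSI",  # FIRST STRONG ISOLATE
    "\u2069": "PDI",  # POP DIRECTIONAL ISOLATE
}

def find_bidi_controls(text: str) -> list:
    """Return (line, column, 'U+XXXX NAME') for every bidi control, 1-based."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            name = BIDI_CONTROLS.get(ch)
            if name is not None:
                hits.append((lineno, col, f"U+{ord(ch):04X} {name}"))
    return hits

def is_clean(text: str) -> bool:
    """True when the text carries no bidi control characters."""
    return not find_bidi_controls(text)

# Constructed sample (hypothetical): a C comment carrying an RLO and an LRI.
# Written with escapes so this file itself stays free of raw bidi controls.
SAMPLE_C = (
    "int main(void) {\n"
    "    /* review \u202e me \u2066 */\n"
    "    return 0;\n"
    "}\n"
)

if __name__ == "__main__":
    # Scan the files named on the command line, or the built-in sample;
    # exit non-zero when anything is found so a CI step can fail the build.
    sources = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in sys.argv[1:]]
    status = 0
    for path, text in sources or [("<sample>", SAMPLE_C)]:
        for lineno, col, what in find_bidi_controls(text):
            print(f"{path}:{lineno}:{col}: {what}")
            status = 1
    sys.exit(status)
```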
Exploit: Code Injection, RCE
Affected Products
Alt Linux
Almalinux
Astra Linux
Bamboo
Centos
Debian
Jira
Jira Service Management Server
Jira Work Management
Red Hat
Rocky Linux
Unicode Specification