In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
|https://jira.atlassian.com/browse/CONFSERVER-67940||Issue Tracking Patch Vendor Advisory|
|http://packetstormsecurity.com/files/164013/Confluence-Server-7.12.4-OGNL-Injection-Remote-Code-Execution.html||Exploit Third Party Advisory VDB Entry|
|http://packetstormsecurity.com/files/164122/Atlassian-Confluence-WebWork-OGNL-Injection.html||Exploit Third Party Advisory VDB Entry|
Configuration 1 (hide)
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')