{"vulnerability": "cve-2021-3911", "sightings": [{"uuid": "94654360-02fc-4fbb-881d-f5ca0e2b90b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39115", "type": "published-proof-of-concept", "source": "https://t.me/ckuRED/12", "content": "CVE-2021-39115: Template Injection in Email Templates leads to code execution on Jira Service Management Server.\n\nhttps://github.com/PetrusViet/CVE-2021-39115", "creation_timestamp": "2021-09-12T04:56:17.000000Z"}, {"uuid": "ed2ac2e1-14de-464f-8b88-5e4cffcfeaba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39115", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7052", "content": "CVE-2021-39115: Template Injection in Email Templates leads to code execution on Jira Service Management Server.\n\nhttps://github.com/PetrusViet/CVE-2021-39115", "creation_timestamp": "2021-09-12T04:56:22.000000Z"}, {"uuid": "5bd4611b-7c1d-4f35-831f-240372d3cb8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39115", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7006", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 SSRF in PDF export with PhantomJs\n\nhttps://github.com/PetrusViet/CVE-2021-39115", "creation_timestamp": "2021-09-09T06:12:22.000000Z"}, {"uuid": "66eb9e9e-ff78-428b-82e2-e7fe61f9c623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39115", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7005", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 CVE-2021-39115\n\nTemplate Injection in Email Templates leads to code execution on Jira Service Management Server\n\nhttps://github.com/PetrusViet/CVE-2021-39115", "creation_timestamp": "2021-09-09T04:47:08.000000Z"}, {"uuid": "66893c81-6deb-46f5-8962-6ffd9365f13c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39115", "type": "published-proof-of-concept", "source": "Telegram/B1FsTUoD4wEknA6uanAj-YDdIUyQYUl4HYxidDw-1JwuVQ", "content": "", "creation_timestamp": "2021-10-04T23:42:47.000000Z"}, {"uuid": "6e95f984-1c16-4a37-81f9-0afbd61981df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3911", "type": "seen", "source": "https://t.me/cibsecurity/32265", "content": "\u203c CVE-2021-3911 \u203c\n\nIf the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-12T00:38:11.000000Z"}, {"uuid": "a2403f27-775f-48d4-881b-c047ffec92b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39111", "type": "seen", "source": "https://t.me/cibsecurity/27995", "content": "\u203c CVE-2021-39111 \u203c\n\nThe Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T12:32:11.000000Z"}, {"uuid": "7801582c-02d9-49b3-b513-368e05c93bb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39113", "type": "seen", "source": "https://t.me/cibsecurity/27994", "content": "\u203c CVE-2021-39113 \u203c\n\nAffected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T12:32:10.000000Z"}, {"uuid": "717c9c68-7af5-4036-9a34-cb18730807bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39117", "type": "seen", "source": "https://t.me/cibsecurity/27992", "content": "\u203c CVE-2021-39117 \u203c\n\nThe AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-30T12:32:07.000000Z"}, {"uuid": "f2e5131c-42da-420f-8f6f-7d58d29f386c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-39115", "type": "published-proof-of-concept", "source": "https://t.me/HackerOne/3176", "content": "Template Injection in Email Templates leads to code execution on Jira Service Management Server.\n\nhttps://github.com/PetrusViet/CVE-2021-39115", "creation_timestamp": "2021-09-12T22:29:39.000000Z"}]}