Total vulnerabilities in the database
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
| Software | From | Fixed in |
|---|---|---|
| atlassian / jira | - | 5.0.0.x |
| gliffy / gliffy | - | 3.7.x |
| gliffy / gliffy | 1.0.1 | 1.0.1.x |
| gliffy / gliffy | 2.0.0 | 2.0.0.x |
| gliffy / gliffy | 2.0.1 | 2.0.1.x |
| gliffy / gliffy | 2.1.0 | 2.1.0.x |
| gliffy / gliffy | 2.1.1 | 2.1.1.x |
| gliffy / gliffy | 2.1.2 | 2.1.2.x |
| gliffy / gliffy | 2.1.3 | 2.1.3.x |
| gliffy / gliffy | 2.2.0 | 2.2.0.x |
| gliffy / gliffy | 2.2.1 | 2.2.1.x |
| gliffy / gliffy | 2.2.2 | 2.2.2.x |
| gliffy / gliffy | 3.0.0 | 3.0.0.x |
| gliffy / gliffy | 3.0.1 | 3.0.1.x |
| gliffy / gliffy | 3.0.2 | 3.0.2.x |
| gliffy / gliffy | 3.0.3 | 3.0.3.x |
| gliffy / gliffy | 3.0.4 | 3.0.4.x |
| gliffy / gliffy | 3.0.5 | 3.0.5.x |
| gliffy / gliffy | 3.1.0 | 3.1.0.x |
| gliffy / gliffy | 3.1.1 | 3.1.1.x |
| gliffy / gliffy | 3.1.2 | 3.1.2.x |
| gliffy / gliffy | 3.1.3 | 3.1.3.x |
| gliffy / gliffy | 3.1.4 | 3.1.4.x |
| gliffy / gliffy | 3.5 | 3.5.x |
| gliffy / gliffy | 3.5.2 | 3.5.2.x |
| gliffy / gliffy | 3.6 | 3.6.x |
| gliffy / gliffy | 3.6.1 | 3.6.1.x |
| atlassian / confluence_server | 4.1.9 | 4.1.9.x |