High severity7.2NVD Advisory· Published Sep 16, 2021· Updated Jun 17, 2026
CVE-2021-39128
CVE-2021-39128
Description
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Range: <8.13.12, >=8.14.0 <8.19.1
<8.13.12, >=8.14.0 <8.19.1+ 1 more
- (no CPE)range: <8.13.12, >=8.14.0 <8.19.1
- (no CPE)range: unspecified
<8.13.12, >=8.14.0 <8.19.1+ 1 more
- (no CPE)range: <8.13.12, >=8.14.0 <8.19.1
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- jira.atlassian.com/browse/JRASERVER-72804nvdIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.