CVE-2021-25770: Code Injection
First published: Wed Feb 03 2021(Updated: )
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jetbrains Youtrack | <2020.5.3123 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-25770?
The severity of CVE-2021-25770 is critical with a CVSS score of 9.8.
What is the vulnerability in JetBrains YouTrack?
The vulnerability in JetBrains YouTrack is a server-side template injection (SSTI) issue.
How can server-side template injection in JetBrains YouTrack lead to code execution?
Server-side template injection in JetBrains YouTrack can allow an attacker to inject malicious code into templates, which when executed can lead to arbitrary code execution.
Which version of JetBrains YouTrack is affected by CVE-2021-25770?
JetBrains YouTrack before version 2020.5.3123 is affected by CVE-2021-25770.
How can I fix CVE-2021-25770?
To fix CVE-2021-25770, it is recommended to update JetBrains YouTrack to version 2020.5.3123 or later.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/author
- agent/event
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jetbrains
- canonical/jetbrains youtrack