CVE-2022-24442: FreeMarker Server-Side Template Injection in JetBrains YouTrack
CVE-2022-24442: FreeMarker Server-Side Template Injection in JetBrains YouTrack
By inserting malicious content in the Notification FTL files, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and obtain RCE (Remote Code Execution)
Note: This issue exists because of an incomplete fix for C