The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
How you guys are mitigating Security Vulnerability CVE-2021-42574? I am still unable to understand the risk, impact and mitigation done by Atlassian. Is there any other workaround than upgrade?
Here is a nice blog post about it: https://www.adaptavist.com/blog/trojan-codes-in-atlassian-products-and-scriptrunner
The main takeaway for me was that Jira or Confluence are not directly at risk, but they can be used to trick someone else to copy code from jira/confluence into another system and then when that system is built/executed, then that system may contain bad code that the developer didn't realize they copied.