In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.

Related CVEs

CVE-2021-34427

Key Information

GHSA ID

GHSA-c7m8-c6v2-pxw4

Published

May 24, 2022 7:06 PM

Last Modified

October 27, 2022 7:00 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.