Atlassian discovered a vulnerability in its Confluence Server which they need to patch to remedy a Critical-rated flaw.
Confluence Server Webwork OGNL injection vulnerability could allow an authenticated user, or unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.
However, Atlassian's own Confluence Cloud was patched but other hosted Confluence offerings might be vulnerable.
Source: https://www.theregister.com/2021/08/26/atlassian_critical_confluence_flaw/
"id": "ATL0214622",
"linkid": "atlassian",
"type": "Vulnerability",
"date": "08/2021",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"