The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API.
Affected versions:
Fixed versions:
This is fixed in versions 8.5.4, 8.6.1 and 8.7.0.