Atlassian’s Confluence is a Java-based web application that provides a shared wiki-type workspace for enterprise employees. The vulnerability, tracked as CVE-2019-3396, is in the software’s Widget Connector that allows users to embed content from YouTube, Twitter and other websites into web pages. Attackers can exploit the flaw to inject a rogue template and achieve remote code execution on the server. There is currently no tool available to decrypt files affected by GandCrab version 5.2 which is being used in this attack.”]