CVE-2021-43185: 
YouTrack vulnerability analysis and mitigation

JetBrains YouTrack before version 2021.3.23639 was found to be vulnerable to Host header injection. The vulnerability was reported by Artem Ivanov and was assigned CVE-2021-43185. This security issue was disclosed on November 8, 2021, affecting all versions of YouTrack prior to the patched version (JetBrains Blog).

The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Under the Common Weakness Enumeration (CWE) system, this vulnerability is categorized as CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (NVD).

The vulnerability's critical CVSS score of 9.8 indicates severe potential impacts on system confidentiality, integrity, and availability. Host header injection vulnerabilities can typically lead to various attacks including web cache poisoning, DNS rebinding, and in some cases, server-side request forgery (NVD).

The vulnerability was patched in YouTrack version 2021.3.23639. Users are advised to upgrade to this version or later to mitigate the security risk (JetBrains Blog).