Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user-level privileges to execute arbitrary code via vectors involving image uploads.
https://jira.atlassian.com/browse/HCPUB-2980
https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html