Argument Injection Vulnerability in Atlassian Fisheye and Crucible Versions Less than 4.4.3 and 4.5.0

Argument Injection Vulnerability in Atlassian Fisheye and Crucible Versions Less than 4.4.3 and 4.5.0

CVE-2017-14591 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.

Learn more about our Web Application Penetration Testing UK.