CVE-2017-14591
published 2017-11-29CVE-2017-14591: Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories…
critical9CVSS 3.0
AVNACHPRNUINSCCHIHAH
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | crucible | < 4.4.3 | 4.4.3 |
| atlassian | crucible | — | — |
| atlassian | fisheye | < 4.4.3 | 4.4.3 |
| atlassian | fisheye | — | — |
| atlassian | fisheye_and_crucible | — | — |