CVE-2017-14591

Summary

Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.

Affected Software

VendorProductVersion RangeStatus
AtlassianFisheye and CrucibleVersions less than 4.4.3 OR version 4.5.0affected

Weaknesses

  • Arbitrary Code Execution

ADP Enrichment

CVE Program Container

Additional References

References