CVE-2020-14190

Summary

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.

Affected Software

VendorProductVersion RangeStatus
AtlassianFisheyeunspecified < 4.8.4affected
AtlassianCrucibleunspecified < 4.8.4affected

Weaknesses

  • Regex Denial of Service (ReDoS)

ADP Enrichment

CVE Program Container

Additional References

References