This vulnerability allows unauthenticated remote attackers to inject code and XML as well as perform directory traversal via:
- CVE-2017-1000487 - command injection
- sonatype-2016-0398 - directory traversal
- sonatype-2015-0173 - XML Injection
Affected versions are those before 7.2.2 and before 8.0.0.
It is a build-time vulnerability for the Bamboo plugin and Bamboo Specs code.
- version < 7.2.2
Use version 6.1.2 of the parent POM.
Add these lines to pom.xml