Details
Description
Issue Summary
Bitbucket Server/DC includes the following two libraries, which may be vulnerable to CVE-2023-20860:
- <INSTALL_PATH>/app/WEB-INF/lib/spring-core-5.3.23.jar
- <INSTALL_PATH>/opensearch/plugins/opensearch-sql/spring-core-5.3.22.jar
Bitbucket isn't known to be vulnerable, but it ships a spring-core version that is reported as vulnerable, so scanners may still flag it. The library therefore needs to be updated.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.
Issue Links
- causes: PS-130731