Description
The dependency on Apache Commons Collections should be upgraded to v.3.2.2 to incorporate the fix for: COLLECTIONS-580 - Arbitrary remote code execution with InvokerTransformer
There is no known exploit for this vulnerability in Bitbucket Server or Bitbucket Data Centre, however this library should be upgraded regardless.
Attachments
Issue Links
- is duplicated by
-
BSERV-8202 Security vulnerability in apache commons collections
-
- Closed
-