[FE-3891] Webwork 2 vulnerability

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.6.7, 2.7.9
Affects Version/s: None
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a code injection vulnerability in FishEye and Crucible caused by an underlying vulnerability in the third-party Webwork 2 framework.

All versions of FishEye/Crucible from 2.0 up are affected.

This issue is reported in our security advisories on these pages:
FishEye
Crucible

This vulnerability is a variant of a recently disclosed Struts2 vulnerability

There are no comments yet on this issue.

Assignee:: VitalyA

Reporter:: paulwatson (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 17/Jan/2012 12:44 AM

Updated:: 22/Sep/2015 8:57 AM

Resolved:: 23/Dec/2013 3:16 AM

FishEye

Details

Description

Attachments

Forms

Activity

People

Dates