We have identified and fixed a code injection vulnerability in FishEye and Crucible caused by an underlying vulnerability in the third-party Webwork 2 framework.

All versions of FishEye/Crucible from 2.0 up are affected.

This issue is reported in our security advisories on these pages:
FishEye
Crucible

This vulnerability is a variant of a recently disclosed Struts2 vulnerability