Details
-
Bug
-
Resolution: Fixed
-
Low
-
4.9.0
-
Minor
-
Description
Affected versions of Atlassian FishEye/Crucible allow remote attackers to execute arbitrary code via a Remote Code Execution (RCE) vulnerability via an unintentional expression in Freemarker tags, in Apache Struts.
The affected versions are before version 4.8.4.
Affected versions:
- version < 4.8.4
Fixed versions:
- 4.8.4
- 4.9.0
Attachments
Issue Links
- is cloned from
-
CRUC-8497 Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611
- Closed