Versions of Bamboo prior to 5.11.4.1 contain a Java object deserialization flaw that is triggered when handling certain input from build agents. This may allow a remote attacker to potentially execute arbitrary code.
Binary data 9669.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5229
jira.atlassian.com/browse/BAM-17736