Input validation

2017-11-2921:29:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

JSON

Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.

CPENameOperatorVersion
cruciblelt4.4.3
crucibleeq4.5.0
fisheyelt4.4.3
fisheyeeq4.5.0

Name	Operator	Version
crucible	lt	4.4.3
crucible	eq	4.5.0
fisheye	lt	4.4.3
fisheye	eq	4.5.0

References

www.securityfocus.com/bid/102194

confluence.atlassian.com/x/plcGO