PT-2017-13567 · Mercurial+1 · Mercurial+1

Zhang Tianqi

Published

2017-11-29

Updated

2017-12-20

CVE-2017-14591

CVSS v2.0

9.3

Critical

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Atlassian Fisheye and Crucible versions less than 4.4.3 Atlassian Fisheye and Crucible version 4.5.0

Description The issue allows for argument injection through filenames in Mercurial repositories, enabling attackers to execute arbitrary code on a system running the impacted software.

Recommendations For versions less than 4.4.3, update to version 4.4.3 or later. For version 4.5.0, update to a version later than 4.5.0.

Fix

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

CVE-2017-14591

Affected Products

Fisheye/Crucible

Mercurial

PT-2017-13567 · Mercurial+1 · Mercurial+1

CVE-2017-14591

Weakness Enumeration

Related Identifiers

Affected Products

References · 4