Critical command injection vulnerability discovered in Bitbucket Server and Data Center


Researchers warn that a serious command injection vulnerability in a Bitbucket product could allow an attacker to run arbitrary code. Bitbucket is a Git-based source code repository hosting service from Atlassian.

The command injection vulnerability, tracked as CVE-2022-36804, exists in several API endpoints of Bitbucket Server and Data Center. By sending a malicious HTTP request, a remote attacker with read access to a public or private Bitbucket repository may be able to execute arbitrary code.