Vulnerabilities > Atlassian > Bitbucket > 7.4.1

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-43781 Command Injection vulnerability in Atlassian Bitbucket
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center.
network
low complexity
atlassian CWE-77
critical
9.8
2022-08-25 CVE-2022-36804 Unspecified vulnerability in Atlassian Bitbucket
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.
network
low complexity
atlassian
8.8