Vulnerabilities > Atlassian > Crucible > 4.8.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-21 | CVE-2020-29447 | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian Crucible Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. | 4.3 |
| 2020-11-25 | CVE-2020-14190 | Resource Exhaustion vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. | 7.5 |
| 2020-11-25 | CVE-2020-14191 | Unspecified vulnerability in Atlassian Crucible Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. | 7.5 |
| 2020-06-01 | CVE-2020-4023 | Cross-site Scripting vulnerability in Atlassian Crucible The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter. | 5.4 |