Affected versions of Atlassian FishEye/Crucible allow remote attackers to execute arbitrary code via a Remote Code Execution (RCE) vulnerability via an unintentional expression in Freemarker tags, in Apache Struts.
The affected versions are before version 4.8.4.
Affected versions:
Fixed versions: