Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
[
{
"product": "Atlassian Bitbucket Server before 4.7.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Atlassian Bitbucket Server before 4.7.1"
}
]
}
]