The host is installed with Atlassian Bitbucket Server 7.0.0 before 7.6.17, 7.7.0 before 7.17.10, 7.18.0 before 7.21.4, 8.0.0 before 8.0.3, 8.1.0 before 8.1.3, and 8.2.0 before 8.2.2 or 8.3.0 before 8.3.1 and is prone to a command injection vulnerability. A flaw is present in the application, which fails to handle an issue in multiple API endpoints. Successful exploitation allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.