4 matches found
com.bmc.ims:bmc-cfa (=198.vfe106798d1a6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +135 more potentially affected by CVE-2018-1000058 via org.jenkins-ci.plugins.workflow:workflow-support (>=0.1-beta-1 <=2.17)
org.jenkins-ci.plugins.workflow:workflow-support (MAVEN). Version: =0.1-beta-1, =1.9.2-beta, =8.0.12, =0.8, =1.0.14, =1.0, =1.3.0, =1.0, =1.0, =0.9.0, =1.14, =3.11, =3.14 and more. Source CVEs: CVE-2018-1000058. Source advisory: OSV:GHSA-P3G4-9XFV-WQ9V...
CVE-2018-1000058
CVE-2018-1000058 affects Jenkins Pipeline: Supporting APIs Plugin up to version 2.17. Root cause: incomplete sandbox protection allowing deserialization via readResolve in Pipeline scripts, enabling arbitrary code execution. Impact: remote code execution with network access; high severity per lin...
CVE-2018-1000058
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution vulnerability due to incomplete sandbox protection: methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary...
CVE-2017-1000058
Chevereto CMS (prior to 3.8.11) contains stored XSS in two vectors: the user profile input and the Exif data parser. Root cause: unsafe handling of user-supplied content leads to script/HTML injection that persists in the application. Impact: potential execution of arbitrary scripts in a victim’s...