5 matches found
@architect/data (=1.0.0), @architect/workflows (>=1.0.11 <=2.8.2) +23 more potentially affected by CVE-2018-1000096 via tiny-json-http (>=1.0.3 <=6.2.0)
tiny-json-http NPM version =1.0.3, =1.0.11, =3.0.0, =0.0.1, =1.1.5, =0.0.1, =3.0.0-beta.1, =0.17.717, =0.4.1-alpha.1, =0.4.1, =1.0.0-alpha.2 and more. Source CVEs: CVE-2018-1000096. Source advisory: OSV:GHSA-7H42-5VJ2-CQ39...
CVE-2018-1000096
CVE-2018-1000096 affects the tiny-json-http library (all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8). The root cause is missing SSL certificate validation in the library’s core functionality, which can expose users to man-in-the-middle (MITM) attacks. The connected documents c...
CVE-2017-1000096
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with...
CVE-2017-1000096
CVE-2017-1000096: Concrete details in the connected docs show an arbitrary code execution vulnerability in Jenkins Pipelines due to incomplete sandbox protection. Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, e...
CVE-2017-1000096
The jenkins-plugin-script-security has incomplete sandbox protection which allows attackers to execute arbitrary code via constructors, instance variable initializers, and instance initializers in Pipeline scripts. Exploitation of this requires the attacker to have permission to configure Pipelin...