2 matches found
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2025-64134
CVE-2025-64134 affects the Jenkins JDepend Plugin (versions 1.3.1 and earlier) which embeds an outdated JDepend Maven Plugin that does not configure its XML parser to prevent XML External Entity (XXE) attacks. Reports and advisories describe XXE injection via crafted files in the JDepend Report s...