3 matches found
io.jenkins.plugins:sonarqube-generic-coverage (=1.0), org.jenkins-ci.plugins:github-autostatus (>=4.204.vf74143795d5f <=4.259.ve0468d8b_e5f1) potentially affected by CVE-2021-21677 via io.jenkins.plugins:code-coverage-api (>=1.0.11 <=1.1.0)
io.jenkins.plugins:code-coverage-api MAVEN version =1.0.11, =4.204.vf74143795d5f, =4.259.ve0468d8be5f1 Source cves: CVE-2021-21677 Source advisory: OSV:GHSA-58PR-HPRX-7HG6...
CVE-2021-21677
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability...
CVE-2021-21677
CVE-2021-21677 affects Jenkins Code Coverage API Plugin for versions up to and including 1.4.0. The root cause is that the plugin does not apply Jenkins JEP-200 deserialization protection when deserializing Java objects from disk, enabling remote code execution. Connected advisories confirm the v...