SUSE CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

Apache Commons Text: Arbitrary Code Execution

Background Apache Commons Text is a library focused on algorithms working on strings. Description Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to...

Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...

GHSA-3G9Q-CMGV-G4P6 Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...

PT-2022-27483 · Jenkins +1 · Jenkins Pipeline Utility Steps Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Utility Steps Plugin versions 2.13.1 and earlier Description: The issue allows attackers who can configure Pipelines to read arbitrary files from the Jenkins controller file system. This is due to the lack of restriction on t...

GHSA-599F-7C49-W659 Arbitrary code execution in Apache Commons Text

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

DEBIAN-CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...