16 matches found
XML External Entity (XXE)
org.jenkins-ci.plugins, jdepend is vulnerable to XML External Entity (XXE). The vulnerability is due to improper configuration of the XML parser that does not disable external entity processing, which allows an attacker to exploit crafted XML input to access sensitive information or perform...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
Jenkins JDepend Plugin vulnerable to XML external entity attacks
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to configure input files for the "Report JDepend" step to have Jenkins parse a crafted file...
GHSA-JFG6-4GX3-3V7W Jenkins JDepend Plugin vulnerable to XML external entity attacks
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to configure input files for the "Report JDepend" step to have Jenkins parse a crafted file...
EUVD-2025-36649
Jenkins JDepend Plugin vulnerable to XML external entity attacks...
XML External Entity (XXE) Injection
Overview: org.jenkins-ci.plugins:jdepend (the JDepend Plugin) is a plugin to generate JDepend reports for builds. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to XML parsing misconfiguration. An attacker can access sensitive information or induce...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2025-64134
CVE-2025-64134 affects the Jenkins JDepend Plugin (versions 1.3.1 and earlier) which embeds an outdated JDepend Maven Plugin that does not configure its XML parser to prevent XML External Entity (XXE) attacks. Reports and advisories describe XXE injection via crafted files in the JDepend Report s...
CVE-2025-64134
Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks...
Jenkins plugin JDepend security vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
PT-2025-44283
Name of the Vulnerable Software and Affected Versions: Jenkins JDepend Plugin versions 1.3.1 and earlier. Description: The Jenkins JDepend Plugin uses an outdated version of the JDepend Maven Plugin that lacks proper configuration of its XML parser. This configuration deficiency can allow for XML...
Fedora: Security Advisory for jdepend (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: jdepend-2.10-10.fc40
JDepend traverses a set of Java class and source file directories and generates design quality metrics for each Java package. JDepend allows you to automatically measure the quality of a design in terms of its extensibility, reusability, and maintainability to effectively manage and control packa...
new packages: jdepend
An update is available for jdepend. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...