14 matches found
EUVD-2022-5032
Malicious code in bioql PyPI...
CVE-2017-1000248
Redis-store =v1.3.0 allows unsafe objects to be loaded from Redis...
BIT-JENKINS-2021-21604
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...
GHSA-QV6F-RCV6-6Q3X Improper handling of REST API XML deserialization errors in Jenkins
Jenkins provides XML REST APIs to configure views, jobs, and other items. When deserialization fails because of invalid data, Jenkins 2.274 and earlier, LTS 2.263.1 and earlier stores invalid object references created through these endpoints in the Old Data Monitor. If an administrator discards t...
PT-2021-23351 · Gradle · Gradle Enterprise
Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2021.1.3 Description: The issue allows a crafted request to trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys. Recommendations: For versions...
jenkins: Improper handling of REST API XML deserialization errors
A flaw was found in Jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data...
jenkins: Improper handling of REST API XML deserialization errors
A flaw was found in Jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data...
CVE-2021-21604
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...
CVE-2021-21604
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...
UBUNTU-CVE-2017-1000248
Redis-store =v1.3.0 allows unsafe objects to be loaded from Redis...
Design/Logic Flaw
Redis-store =v1.3.0 allows unsafe objects to be loaded from Redis...
CVE-2017-1000248
Redis-store =v1.3.0 allows unsafe objects to be loaded from Redis...
DEBIAN-CVE-2017-1000248
Redis-store =v1.3.0 allows unsafe objects to be loaded from Redis...
Unsafe objects can be loaded from Redis
Redis-store =v1.3.0 allows unsafe objects to be loaded from Redis via the use of the Marshal serializer...