Lucene search
K
JenkinsMost viewed

1464 matches found

Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•5 views

Missing permission checks in CONS3RT allow enumerating credentials IDs

CONS3RT 1.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. ...

4.3CVSS5.1AI score0.00544EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•5 views

Missing permission checks in hashicorp-vault-plugin allow capturing credentials

hashicorp-vault-plugin 354.vdb858fd6bf48 and earlier does not perform permission checks in several HTTP endpoints performing Vault connection tests. This allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys. hashicorp-vault-plug...

6.5CVSS6.4AI score0.00605EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•5 views

Missing permission check in android-signing allows listing workspace contents

android-signing 2.2.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. A...

4.3CVSS5AI score0.00569EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•5 views

Missing permission check in buckminster

buckminster 1.1.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. A sequence of requests can be used to...

4.3CVSS5AI score0.00486EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•5 views

Lack of authentication mechanism in git webhook

git provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In git 4.11....

8.8CVSS6.4AI score0.05563EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•5 views

CSRF vulnerability in external-monitor-job

external-monitor-job 191.v363d0d1efdf8 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to create runs of an external job. external-monitor-job 192.ve979ca8b3ccd requires POST request...

4.3CVSS4.9AI score0.00362EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•5 views

CSRF vulnerability and missing permission check in openshift-deployer

openshift-deployer 1.2.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from...

6.5CVSS5.6AI score0.00699EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•5 views

Missing permission check in files-found-trigger allows listing the Jenkins controller file system

files-found-trigger 1.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. A sequence of requests can be...

4.3CVSS5AI score0.00581EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•5 views

Missing permission check in coverity allows enumerating credentials IDs

coverity 1.11.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. As ...

4.3CVSS5AI score0.00581EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•5 views

Reflected XSS vulnerability in lucene-search

lucene-search 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the search result page. This results in a reflected cross-site scripting XSS vulnerability. As of publication of this advisory, there is no fix. Learn why we announce this...

8.8CVSS5.4AI score0.00607EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•5 views

Incorrect permission check in requests allows viewing pending requests

requests 2.2.16 and earlier does not correctly perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to view the list of pending requests. NOTE: This is basically the same vulnerability as SECURITY-1995, whose fix was ineffective. requests 2.2.17...

4.3CVSS5AI score0.00516EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•5 views

CSRF vulnerability in matrix-reloaded

matrix-reloaded 1.1.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to rebuild previous matrix builds. As of publication of this advisory, there is no fix. Learn why we announce th...

6.5CVSS6.3AI score0.00497EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•5 views

Tokens stored in plain text by build-notifications

build-notifications 1.5.0 and earlier stores multiple tokens unencrypted in its global configuration files on the Jenkins controller as part of its configuration: Pushover Application Token in tools.devnull.jenkins.plugins.buildnotifications.PushoverNotifier.xml Slack Bot Token in...

4.3CVSS5AI score0.00557EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•5 views

Missing permission check in rqm-plugin allows enumerating credentials IDs

rqm-plugin 2.8 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. As o...

6.5CVSS6.4AI score0.00686EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•5 views

Password stored in plain text by elasticsearch-query

elasticsearch-query 1.2 and earlier stores a password unencrypted in its global configuration file org.jenkinsci.plugins.elasticsearchquery.ElasticsearchQueryBuilder.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins...

6.5CVSS6.4AI score0.00686EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•5 views

CSRF vulnerability and missing permission checks in Recipe allow XXE

Recipe 1.2 and earlier does not perform a permission check in multiple HTTP endpoints. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. As the plugin does not configure its XML parser to prevent XML external...

8.8CVSS6.9AI score0.00885EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•5 views

Missing permission checks in ec2-deployment-dashboard allow enumerating credentials IDs

ec2-deployment-dashboard 1.0.10 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using anoth...

4.3CVSS5.1AI score0.00684EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/30 12:0 a.m.•5 views

Stored XSS vulnerability in xfpanel

xfpanel 2.0.1 and earlier does not escape the job names used in tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix. Learn why we announce this...

8CVSS5.3AI score0.00668EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

Improper authorization in embeddable-build-status bypasses ViewStatus permission requirement

embeddable-build-status 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access. This allows attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or...

7.5CVSS7.2AI score0.01137EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

Reflected XSS vulnerability in nested-view

nested-view 1.20 through 1.25 both inclusive does not escape search parameters. This results in a reflected cross-site scripting XSS vulnerability. nested-view 1.26 escapes search parameters...

8.8CVSS5.8AI score0.00911EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

Stored XSS vulnerabilities in multiple plugins providing additional parameter types

Multiple plugins do not escape the name and description of the parameter types they provide: Agent Server Parameter 1.1 and earlier SECURITY-2731 / CVE-2022-34183 CRX Content Package Deployer 1.9 and earlier SECURITY-2727 / CVE-2022-34184 Date Parameter Plugin 0.0.4 and earlier SECURITY-2711 /...

8CVSS5.4AI score0.00759EPSS
Exploits0Affected Software16
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

CSRF vulnerability and missing permission checks in jianliao

jianliao 1.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. Additionally, this form validation method does not require POST requests, resulting in...

6.5CVSS5.4AI score0.00525EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

CSRF vulnerability and missing permission checks in easyqa

easyqa 1.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. Additionally, this form validation method does not require POST requests, resulting in a...

8.8CVSS6.2AI score0.00525EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

CSRF vulnerability and missing permission check in threadfix

threadfix 1.5.4 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests, resulting in a cross-site...

6.5CVSS6.3AI score0.00617EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

Passwords stored in plain text by Squash TM Publisher (Squash4Jenkins)

Squash TM Publisher Squash4Jenkins 1.0.0 and earlier stores passwords unencrypted in its global configuration file org.jenkinsci.squashtm.core.SquashTMPublisher.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins controller...

6.5CVSS6.4AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

Multiple XSS vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and JavaScript into the Jenkins UI: SECURITY-2779 CVE-2022-34170: Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name,...

8CVSS5.3AI score0.01361EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

Observable timing discrepancy allows determining username validity

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. This...

7.5CVSS7.2AI score0.01229EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

Reflected XSS vulnerability in embeddable-build-status

embeddable-build-status 2.0.3 allows specifying a link query parameter that build status badges will link to, without restricting possible values. This results in a reflected cross-site scripting XSS vulnerability. embeddable-build-status 2.0.4 limits URLs to http and https protocols and correctl...

8.8CVSS5.8AI score0.00911EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/06/22 12:0 a.m.•5 views

CSRF vulnerability and missing permission checks in convertigo-mobile-platform

convertigo-mobile-platform 1.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests, resulting ...

8.8CVSS6.8AI score0.00574EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•5 views

CSRF vulnerability in Autocomplete Parameter results in RCE

Autocomplete Parameter 1.1 and earlier does not require POST requests for a form validation endpoint executing a provided Groovy script, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to execute arbitrary code without sandbox protection if the...

8.8CVSS8.3AI score0.00836EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/05/17 12:0 a.m.•5 views

Stored XSS vulnerability in rundeck

rundeck 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads. rundeck 3.6.11 sanitizes URLs submitted in Rundeck webhook payloads...

8CVSS5.3AI score0.71943EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/03/29 12:0 a.m.•5 views

XSS vulnerability in ci-with-toad-edge

ci-with-toad-edge 2.3 and earlier uses a patched fork of an old version of the file browser for workspaces, archived artifacts, and userContent/ from Jenkins core DirectoryBrowserSupport to serve reports. This fork removes the Content-Security-Policy header functionality introduced for SECURITY-9...

8CVSS5.5AI score0.00792EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/03/29 12:0 a.m.•5 views

Missing permission check in ci-with-toad-edge

ci-with-toad-edge 2.3 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. ci-with-toad-edge 2.4 requires...

4.3CVSS5.1AI score0.00719EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/03/29 12:0 a.m.•5 views

Missing permission checks in Pipeline: Phoenix AutoTest allow enumerating credentials IDs

Pipeline: Phoenix AutoTest 1.3 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using anothe...

6.5CVSS6.4AI score0.00722EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/03/29 12:0 a.m.•5 views

Stored XSS vulnerability in atlassian-bitbucket-server-integration

atlassian-bitbucket-server-integration 2.0.0 through 3.1.0 inclusive does not limit URL schemes for callback URLs on OAuth consumers. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create BitBucket Server consumers...

8CVSS5.3AI score0.00792EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/03/15 12:0 a.m.•5 views

Passwords stored in plain text by dbCharts

dbCharts 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file hudson.plugins.dbcharts.DbChartPublisher.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins controller file system. A...

6.5CVSS6.4AI score0.00887EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/03/15 12:0 a.m.•5 views

Stored XSS vulnerability in favorite

favorite 2.4.0 and earlier does not escape the names of jobs in the favorite column. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. favorite 2.4.1 escapes the names of jobs in the favorite column...

8CVSS5.3AI score0.00792EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/02/15 12:0 a.m.•5 views

CSRF vulnerability and missing permission checks in checkmarx allow capturing credentials

checkmarx 2022.1.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

8.8CVSS6.8AI score0.00742EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/02/15 12:0 a.m.•5 views

Stored XSS vulnerability in Team Views

Team Views 0.9.0 and earlier does not escape team names. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Read permission. As of publication of this advisory, there is no fix. Learn why we announce this...

8CVSS5.3AI score0.00783EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/02/15 12:0 a.m.•5 views

Missing synchronization vulnerability in convertigo-mobile-platform allow to capture passwords

convertigo-mobile-platform 1.1 and earlier uses static fields to store job configuration information. This allows attackers with Item/Configure permission to capture passwords of the jobs that will be configured. As of publication of this advisory, there is no fix. Learn why we announce this...

6.5CVSS6.4AI score0.00809EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/02/15 12:0 a.m.•5 views

Agent-to-controller security bypass in hashicorp-vault-plugin allows reading arbitrary files

hashicorp-vault-plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. NOTE: This...

6.5CVSS6.5AI score0.00809EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/02/15 12:0 a.m.•5 views

Sandbox bypass vulnerability in workflow-cps-global-lib

workflow-cps-global-lib 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially...

8.8CVSS8.4AI score0.01601EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/02/09 12:0 a.m.•5 views

DoS vulnerability in bundled XStream library

Jenkins 2.333 and earlier, LTS 2.319.2 and earlier is affected by the XStream library's vulnerability https://x-stream.github.io/CVE-2021-43859.htmlCVE-2021-43859. This library is used by Jenkins to serialize and deserialize various XML files, like global and job config.xml, build.xml, and numero...

7.5CVSS7.2AI score0.07934EPSS
Exploits1Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/01/12 12:0 a.m.•5 views

Agent-to-controller security bypass in Debian Package Builder

Debian Package Builder 1.6.11 and earlier implements functionality that allows agent processes to invoke command-line git at an attacker-specified path on the controller. This allows attackers able to control agent processes to invoke arbitrary OS commands on the controller. As of publication of...

9CVSS8AI score0.01603EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/01/12 12:0 a.m.•5 views

Missing permission checks in ssh-agent allow enumerating credentials IDs

ssh-agent 1.23 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. An...

4.3CVSS5.1AI score0.00748EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/01/12 12:0 a.m.•5 views

Stored XSS vulnerability in badge

badge allows adding custom build badges with a custom description and optionally a link to a URL. badge 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge. This results in a stored cross-site scripting XSS vulnerability exploitable by...

8CVSS5.3AI score0.00839EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2021/11/04 12:0 a.m.•5 views

Path traversal vulnerability in subversion allows reading arbitrary files

subversion 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. subversion 2.15.1 checks for the presence ...

7.5CVSS7.3AI score0.02073EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2021/10/06 12:0 a.m.•5 views

Jenkins core bundles vulnerable version of the commons-httpclient library

Jenkins 2.314 and earlier, LTS 2.303.1 and earlier bundles a version of the commons-httpclient library with the vulnerability https://nvd.nist.gov/vuln/detail/CVE-2014-3577CVE-2014-3577 that incorrectly verified SSL/TLS certificates, making it susceptible to man-in-the-middle attacks. This librar...

5.8CVSS6.4AI score0.09149EPSS
Exploits1Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2021/08/31 12:0 a.m.•5 views

RCE vulnerability in code-coverage-api

code-coverage-api 1.4.0 and earlier does not apply https://github.com/jenkinsci/jep/tree/master/jep/200JEP-200 deserialization protection to Java objects it deserializes from disk. This results in a remote code execution RCE vulnerability exploitable by attackers able to control agent processes...

8.8CVSS8.8AI score0.02213EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2021/06/30 12:0 a.m.•5 views

Missing permission check in requests allows viewing pending requests

requests 2.2.6 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to view the list of pending requests. requests 2.2.7 requires Overall/Administer permission to view the list of pending requests. NOTE: The previous sentence...

4.3CVSS5AI score0.0097EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1464