Description
Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2017-10-11/
Related Vulnerabilities
CVE-2023-32314 Vulnerability in npm package vm2
CVE-2023-35110 Vulnerability in maven package de.grobmeier.json:jjson
CVE-2023-49653 Vulnerability in maven package org.jenkins-ci.plugins:jira
CVE-2021-25646 Vulnerability in maven package org.apache.druid:druid-core
CVE-2022-36127 Vulnerability in npm package skywalking-backend-js