Description
Jenkins 2.73.1 and earlier, and 2.83 and earlier, bundled a version of the commons-fileupload library affected by the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2017-10-11/