Description
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
Remediation
References
https://jenkins.io/security/advisory/2018-08-15/#SECURITY-637
Related Vulnerabilities
CVE-2018-1999005 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-1000152 Vulnerability in maven package org.jenkins-ci.plugins:vsphere-cloud
CVE-2018-10054 Vulnerability in maven package com.h2database:h2
CVE-2023-42795 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2013-4271 Vulnerability in maven package org.restlet:org.restlet