Description
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
Remediation
References