Description
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
Remediation
References
Related Vulnerabilities
Liferay DXP Insecure Default Initialization of Resource Vulnerability (CVE-2025-43797)
Liferay Portal Unchecked Input for Loop Condition Vulnerability (CVE-2025-43801)
Ruby on Rails Memory Allocation with Excessive Size Value Vulnerability (CVE-2026-33174)
XWikiplatform Missing Authorization Vulnerability (CVE-2024-55879)