Description
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
Remediation
References
Related Vulnerabilities
Joomla Missing Authorization Vulnerability (CVE-2019-18674)
WordPress Plugin Comment Rating Cross-Site Request Forgery (2.9.20)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43559)
Internet Information Services Other Vulnerability (CVE-2001-0506)
WordPress Plugin ND Shortcodes For Visual Composer Security Bypass (5.8)