Description
Jenkins 2.333 and earlier, and LTS 2.319.2 and earlier, define custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859, and so allow unconstrained resource usage.
Remediation
References