GHSA-c329-r874-xc7j

Suggest an improvement
Source
https://github.com/advisories/GHSA-c329-r874-xc7j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c329-r874-xc7j/GHSA-c329-r874-xc7j.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-c329-r874-xc7j
Aliases
Published
2022-05-24T17:10:30Z
Modified
2023-11-01T04:52:21.804398Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Remote Code Execution vulnerability in Jenkins Literate Plugin
Details

Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

Database specific 
{
    "cwe_ids": [
        "CWE-502"
    ],
    "github_reviewed_at": "2023-01-05T21:05:44Z",
    "severity": "HIGH",
    "nvd_published_at": "2020-03-09T16:15:00Z",
    "github_reviewed": true
}
References

Affected packages

Maven / org.jenkins-ci.plugins:literate

Package

Name
org.jenkins-ci.plugins:literate
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/literate

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.0