Description
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void.
Remediation
References
http://www.securityfocus.com/bid/98066
https://jenkins.io/security/advisory/2017-04-26/
Related Vulnerabilities
CVE-2013-4170 Vulnerability in npm package ember
CVE-2016-10622 Vulnerability in npm package nodeschnaps
CVE-2016-8738 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2022-39263 Vulnerability in npm package @next-auth/upstash-redis-adapter
CVE-2019-3868 Vulnerability in maven package org.keycloak:keycloak-core