Description
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Remediation
References
https://jenkins.io/security/advisory/2020-05-06/#SECURITY-1826
http://www.openwall.com/lists/oss-security/2020/05/06/3
Related Vulnerabilities
CVE-2022-25873 Vulnerability in maven package org.webjars.npm:vuetify
CVE-2016-5007 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2015-0201 Vulnerability in maven package org.springframework:spring-websocket
CVE-2022-4725 Vulnerability in maven package com.amazonaws:aws-android-sdk-core
CVE-2023-5720 Vulnerability in maven package io.quarkus:quarkus-project