Description
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.69)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17310)
Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5664)
Dotclear Improper Authentication Vulnerability (CVE-2014-3781)