Description
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
Remediation
References
Related Vulnerabilities
WordPress Plugin UPM Polls 'qid' Parameter SQL Injection (1.0.3)
WordPress Plugin DukaPress PHP Object Injection (3.1.20)
WordPress Plugin mywebcounter Cross-Site Scripting (1.1)
WordPress Plugin WooCommerce PDF Vouchers-Ultimate Gift Cards Unspecified Vulnerability (4.9.4)
WordPress Plugin Store Locator Plus for WordPress Cross-Site Scripting (4.5.10)