-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stemmed from unsafe XML handling in createProjectFromXML. The pre-patch code used IOUtils.copy() to write raw XML input to disk, which was later parsed without XXE protections. The fix replaced this with XMLUtils.safeTransform() which explicitly disables external entities. The added test case in ItemGroupMixInTest.java demonstrates how XXE payloads would be blocked post-fix. The commit message '[SECURITY-173] use XMlUtils safe transformation' directly correlates to addressing this vulnerability in this function.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 1.626, < 1.638 | 1.638 |
| org.jenkins-ci.main:jenkins-core | maven | < 1.625.2 | 1.625.2 |
JavaJavaOngoing coverage of React2Shell