CVE-2021-21677

Deserialization of Untrusted Data in maven/io.jenkins.plugins/code-coverage-api

Identifier

CVE-2021-21677

Package Slug

maven/io.jenkins.plugins/code-coverage-api

Vulnerability

Deserialization of Untrusted Data

Description

Jenkins Code Coverage API Plugin does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.

Affected Versions

All versions up to 1.4.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-09-10

source