CVE-2021-21607

Allocation of Resources Without Limits or Throttling in maven/org.jenkins-ci.main/jenkins-core

Identifiers

CVE-2021-21607

Package Slug

maven/org.jenkins-ci.main/jenkins-core

Vulnerability

Allocation of Resources Without Limits or Throttling

Description

Jenkins does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out-of-memory errors.

Affected Versions

All versions after 2.263.1 up to 2.274

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-01-18
