CVE-2020-2305

Improper Restriction of XML External Entity Reference in maven/org.jenkins-ci.plugins/mercurial

Identifier

CVE-2020-2305

Package Slug

maven/org.jenkins-ci.plugins/mercurial

Vulnerability

Improper Restriction of XML External Entity Reference

Description

Jenkins Mercurial Plugin does not configure its XML parser to prevent XML external entity (XXE) attacks.

Affected Versions

All versions up to 2.11

Solution

Upgrade to version 2.12 or higher

Last Modified

2020-11-13

source