CVE-2017-2608: Deserialization of Untrusted Data
(updated )
Jenkins is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio
in XStream-based APIs.
References
Detect and mitigate CVE-2017-2608 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →