Описание
Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2
In versions prior to 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server.
Пакеты
Наименование
org.jvnet.hudson.main:hudson-core
maven
Затронутые версииВерсия исправления
< 3.3.2
3.3.2
Связанные уязвимости
CVSS3: 9.8
nvd
больше 3 лет назад
Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks.