Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.jenkins-ci.plugins/squashtm-publisher@1.0.0
Typemaven
Namespaceorg.jenkins-ci.plugins
Namesquashtm-publisher
Version1.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-k23f-yjv9-n7cq
vulnerability_id VCID-k23f-yjv9-n7cq
summary 
Protection Mechanism Failure
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.
references
0
reference_url https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2525
reference_id
reference_type
scores
url https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2525
1
reference_url http://www.openwall.com/lists/oss-security/2021/11/12/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2021/11/12/1
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43578
reference_id CVE-2021-43578
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-43578
fixed_packages
aliases CVE-2021-43578
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k23f-yjv9-n7cq
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/squashtm-publisher@1.0.0