VulnerableCode Package Details - pkg:maven/org.jenkins-ci.main/jenkins-core@2.319.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.jenkins-ci.main/jenkins-core@2.319.3

purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.319.3

Next non-vulnerable version	2.330
Latest non-vulnerable version	2.555
Risk	3.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-wrub-pwdz-qkhz Aliases: CVE-2022-0538 GHSA-34wx-x2w9-vqm3	Deserialization of Untrusted Data Jenkins defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.	2.334 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-wrub-pwdz-qkhz	Deserialization of Untrusted Data Jenkins defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.	CVE-2022-0538 GHSA-34wx-x2w9-vqm3

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:59:45.476770+00:00	GHSA Importer	Fixing	VCID-wrub-pwdz-qkhz	https://github.com/advisories/GHSA-34wx-x2w9-vqm3	38.0.0
2026-04-01T13:06:27.982938+00:00	GithubOSV Importer	Fixing	VCID-wrub-pwdz-qkhz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-34wx-x2w9-vqm3/GHSA-34wx-x2w9-vqm3.json	38.0.0
2026-04-01T12:49:25.251297+00:00	GitLab Importer	Affected by	VCID-wrub-pwdz-qkhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2022-0538.yml	38.0.0