{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57209?format=json","vulnerability_id":"VCID-rus3-fvn9-53h9","summary":"Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin\nJenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.","aliases":[{"alias":"CVE-2019-10392"},{"alias":"GHSA-hw6x-2qwv-rxr7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83299?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/git-client@2.8.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git-client@2.8.5"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/993789?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/git-client@2.8.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/git-client@2.8.4"},{"url":"http://public2.vulnerablecode.io/api/packages/105400?format=json","purl":"pkg:rpm/redhat/atomic-enterprise-service-catalog@1:4.1.37-202003020601.git.0.5784dc4?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:4.1.37-202003020601.git.0.5784dc4%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105401?format=json","purl":"pkg:rpm/redhat/atomic-enterprise-service-catalog@1:4.2.20-202002170402.git.1.159e2f5?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:4.2.20-202002170402.git.1.159e2f5%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/104360?format=json","purl":"pkg:rpm/redhat/atomic-enterprise-service-catalog@1:4.3.3-202002170501.git.1.f30799e?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:4.3.3-202002170501.git.1.f30799e%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105396?format=json","purl":"pkg:rpm/redhat/atomic-openshift-service-idler@4.2.20-202002170402.git.1.43218bc?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-service-idler@4.2.20-202002170402.git.1.43218bc%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/104377?format=json","purl":"pkg:rpm/redhat/atomic-openshift-service-idler@4.3.3-202002170501.git.1.4feff9c?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-service-idler@4.3.3-202002170501.git.1.4feff9c%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105404?format=json","purl":"pkg:rpm/redhat/cri-o@1.13.12-6.dev.rhaos4.1.git8abaaeb?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.13.12-6.dev.rhaos4.1.git8abaaeb%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105399?format=json","purl":"pkg:rpm/redhat/cri-o@1.14.12-19.dev.rhaos4.2.git313d784?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.14.12-19.dev.rhaos4.2.git313d784%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105411?format=json","purl":"pkg:rpm/redhat/cri-o@1.16.3-22.dev.rhaos4.3.git11c04e3?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.16.3-22.dev.rhaos4.3.git11c04e3%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/104374?format=json","purl":"pkg:rpm/redhat/cri-tools@1.17.0-1?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-tools@1.17.0-1%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/104367?format=json","purl":"pkg:rpm/redhat/dracut@049-64.git20200123?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dracut@049-64.git20200123%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/104370?format=json","purl":"pkg:rpm/redhat/jenkins@2.204.1.1581950993-1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.204.1.1581950993-1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105406?format=json","purl":"pkg:rpm/redhat/jenkins@2.204.1.1581951349-1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.204.1.1581951349-1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105413?format=json","purl":"pkg:rpm/redhat/jenkins@2.204.2.1583849753-1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.204.2.1583849753-1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/103984?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@3.11.1591354111-1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24jy-j38r-13bv"},{"vulnerability":"VCID-2nkx-bafa-gqde"},{"vulnerability":"VCID-5h17-3b63-s7gr"},{"vulnerability":"VCID-6gvv-5195-cbhh"},{"vulnerability":"VCID-qqe6-hpzt-wkhn"},{"vulnerability":"VCID-rus3-fvn9-53h9"},{"vulnerability":"VCID-xtbk-gqyx-8fep"},{"vulnerability":"VCID-yn97-nd7r-b7hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1591354111-1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105410?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@4.1.1583850385-1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.1.1583850385-1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105412?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@4.2.1581952573-1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.2.1581952573-1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/104371?format=json","purl":"pkg:rpm/redhat/jenkins-2-plugins@4.3.1581956184-1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@4.3.1581956184-1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105402?format=json","purl":"pkg:rpm/redhat/machine-config-daemon@4.2.20-202002170402.git.1.a83336a?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/machine-config-daemon@4.2.20-202002170402.git.1.a83336a%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/104383?format=json","purl":"pkg:rpm/redhat/machine-config-daemon@4.3.3-202002170501.git.1.6b1b155?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/machine-config-daemon@4.3.3-202002170501.git.1.6b1b155%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/105397?format=json","purl":"pkg:rpm/redhat/openshift@4.1.37-202002280447.git.0.543873e?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift@4.1.37-202002280447.git.0.543873e%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105403?format=json","purl":"pkg:rpm/redhat/openshift@4.2.20-202002140432.git.0.47933cb?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift@4.2.20-202002140432.git.0.47933cb%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105407?format=json","purl":"pkg:rpm/redhat/openshift@4.3.3-202002140552.git.0.e38059c?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift@4.3.3-202002140552.git.0.e38059c%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/105409?format=json","purl":"pkg:rpm/redhat/openshift-ansible@4.1.37-202002280447.git.1.bb180eb?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@4.1.37-202002280447.git.1.bb180eb%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105395?format=json","purl":"pkg:rpm/redhat/openshift-ansible@4.2.20-202002140432.git.187.2308b53?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@4.2.20-202002140432.git.187.2308b53%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/104381?format=json","purl":"pkg:rpm/redhat/openshift-ansible@4.3.3-202002142331.git.173.bb0b5a1?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@4.3.3-202002142331.git.173.bb0b5a1%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105398?format=json","purl":"pkg:rpm/redhat/openshift-clients@4.2.20-202002140432.git.1.5dc67c9?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-clients@4.2.20-202002140432.git.1.5dc67c9%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/104369?format=json","purl":"pkg:rpm/redhat/openshift-clients@4.3.3-202002140552.git.1.ff73b47?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-clients@4.3.3-202002140552.git.1.ff73b47%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/105405?format=json","purl":"pkg:rpm/redhat/openshift-kuryr@4.2.20-202002140432.git.1.d9a72a5?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-kuryr@4.2.20-202002140432.git.1.d9a72a5%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/104382?format=json","purl":"pkg:rpm/redhat/openshift-kuryr@4.3.3-202002170501.git.1.3b8b4cc?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-kuryr@4.3.3-202002170501.git.1.3b8b4cc%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/105408?format=json","purl":"pkg:rpm/redhat/podman@1.0.2-3.dev.git96ccc2e?arch=el8_0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@1.0.2-3.dev.git96ccc2e%3Farch=el8_0"},{"url":"http://public2.vulnerablecode.io/api/packages/104586?format=json","purl":"pkg:rpm/redhat/runc@1.0.0-63.rc8.rhaos4.1.git3cbe540?arch=el8_0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-997v-f2ds-e3e4"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/runc@1.0.0-63.rc8.rhaos4.1.git3cbe540%3Farch=el8_0"},{"url":"http://public2.vulnerablecode.io/api/packages/104513?format=json","purl":"pkg:rpm/redhat/skopeo@1:0.1.32-6.git1715c90?arch=el8_0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rus3-fvn9-53h9"},{"vulnerability":"VCID-vfxz-vfmr-w3d1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/skopeo@1:0.1.32-6.git1715c90%3Farch=el8_0"},{"url":"http://public2.vulnerablecode.io/api/packages/104364?format=json","purl":"pkg:rpm/redhat/slirp4netns@0.4.2-4.git21fdece?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/slirp4netns@0.4.2-4.git21fdece%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/104375?format=json","purl":"pkg:rpm/redhat/toolbox@0.0.6-1.rhaos4.3?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqtx-g1cs-6ybn"},{"vulnerability":"VCID-rus3-fvn9-53h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/toolbox@0.0.6-1.rhaos4.3%3Farch=el8"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10392.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10392.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10392","reference_id":"","reference_type":"","scores":[{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99161","published_at":"2026-05-14T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99146","published_at":"2026-04-12T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99147","published_at":"2026-04-16T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99145","published_at":"2026-04-13T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99148","published_at":"2026-04-18T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99149","published_at":"2026-04-21T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99153","published_at":"2026-04-29T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99156","published_at":"2026-05-05T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99158","published_at":"2026-05-07T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99159","published_at":"2026-05-09T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.9916","published_at":"2026-05-11T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99137","published_at":"2026-04-01T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99139","published_at":"2026-04-02T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99141","published_at":"2026-04-04T12:55:00Z"},{"value":"0.80819","scoring_system":"epss","scoring_elements":"0.99144","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10392"},{"reference_url":"https://github.com/jenkinsci/git-client-plugin/commit/899123fa2eb9dd2c37137aae630c47c6be6b4b02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jenkinsci/git-client-plugin/commit/899123fa2eb9dd2c37137aae630c47c6be6b4b02"},{"reference_url":"https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1534","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1534"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10392","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10392"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/09/12/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/09/12/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819704","reference_id":"1819704","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819704"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git_client:3.0.0:rc:*:*:*:jenkins:*:*","reference_id":"cpe:2.3:a:jenkins:git_client:3.0.0:rc:*:*:*:jenkins:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git_client:3.0.0:rc:*:*:*:jenkins:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git_client:*:*:*:*:*:jenkins:*:*","reference_id":"cpe:2.3:a:jenkins:git_client:*:*:*:*:*:jenkins:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:git_client:*:*:*:*:*:jenkins:*:*"},{"reference_url":"https://github.com/advisories/GHSA-hw6x-2qwv-rxr7","reference_id":"GHSA-hw6x-2qwv-rxr7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hw6x-2qwv-rxr7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2478","reference_id":"RHSA-2020:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2478"}],"weaknesses":[{"cwe_id":78,"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"6.5 - 8.9","exploitability":"2.0","weighted_severity":"8.0","risk_score":10.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rus3-fvn9-53h9"}