CVE-2021-43577
Published 2021-11-12

CVE-2021-43577: Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
High 7.1 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_choices_plugin | — | — |
| jenkins | owasp_dependency-check | <= 5.1.1 | — |
| jenkins | owasp_dependency-check_plugin | — | — |
| jenkins | performance_plugin | — | — |
| jenkins | scriptler_plugin | — | — |
| jenkins_project | jenkins_owasp_dependency-check_plugin | unspecified – 5.1.1 | — |