Vulnerabilities > Jenkins > Code Coverage API > 1.1.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-31 | CVE-2021-21677 | Deserialization of Untrusted Data vulnerability in Jenkins Code Coverage API Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. | 8.8 |
2020-04-07 | CVE-2020-2172 | XML Entity Expansion vulnerability in Jenkins Code Coverage API Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |