sunSUNQ

Results 5 comments of sunSUNQ

[GHSA-hhpm-5cp2-hg4x] Deserialization of Untrusted Data in Jenkins

I apologize, there was an issue with the submission, and only 76e0e69e91b85dd72f8fac53d547dcdc4ff1d90c is relevant to the current vulnerability.

[GHSA-hhpm-5cp2-hg4x] Deserialization of Untrusted Data in Jenkins

CVE-2018-1000861 is mentioned in the official advisory as related to SECURITY-595. In https://github.com/advisories/GHSA-hhpm-5cp2-hg4x, only https://github.com/jenkinsci/jenkins/commit/47f38d714c99e1841fb737ad1005618eb26ed852 is provided. However, I believe the following five commits are also relevant. https://github.com/jenkinsci/jenkins/commit/90b6d47af7ff0ae33f4ff816a0d9ca36223769b0 https://github.com/jenkinsci/jenkins/commit/db5defdf2f3c8efa4c8fb5a04502ebbccec96504 https://github.com/jenkinsci/jenkins/commit/3353e66082cd275b7bf55da7b2423d6ca11a1e2d...

[GHSA-hhpm-5cp2-hg4x] Deserialization of Untrusted Data in Jenkins

Hello, I'm looking forward to your response.

[GHSA-p5hg-3xm3-gcjg] Spring Framework allows applications to expose STOMP over WebSocket endpoints

Hello, I have added two patches for this vulnerability. In the official advisory at https://spring.io/security/cve-2018-1270, it is mentioned that the vulnerability affects the spring-messaging module. The affected versions range from...

[GHSA-p5hg-3xm3-gcjg] Spring Framework allows applications to expose STOMP over WebSocket endpoints

Hello, I'm looking forward to your response.