Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

Affected Packages

Maven org.jenkins-ci.plugins:literate

Affected versions: 0 (last affected: 1.0)

Related CVEs

CVE-2020-2158

Key Information

GHSA ID

GHSA-c329-r874-xc7j

Published

May 24, 2022 5:10 PM

Last Modified

January 5, 2023 9:05 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:literate

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.