> On 30. May 2021, at 03:05, s.p...@gmail.com <s.pr...@gmail.com> wrote:
>
> Affected versions of the package are vulnerable to Cross-site Scripting(XSS)
> via .swf files, allowing arbitary code injection into hosting server
> CVE-2012-5881 CVE-2012-5883
>
While we include YUI, we do not include the vulnerable file.
Your scanner is trash.
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/352C70D7-C6E1-4509-A543-ED44803A15D6%40beckweb.net.
