Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins/script-security@1.35

Type maven

Namespace org.jenkins-ci.plugins

Name script-security

Version 1.35

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.37

Latest_non_vulnerable_version 1368.vb

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-cskh-ruh2-6yew

vulnerability_id VCID-cskh-ruh2-6yew

summary

Incorrect Permission Assignment for Critical Resource
The script-security plugin allows circumventing many of the access restrictions implemented in the script sandbox.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000095.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000095.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000095

reference_id

reference_type

scores

value	0.00066
scoring_system	epss
scoring_elements	0.20459
published_at	2026-04-21T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20491
published_at	2026-04-08T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20549
published_at	2026-04-09T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20572
published_at	2026-04-11T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20528
published_at	2026-04-12T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20472
published_at	2026-04-13T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20463
published_at	2026-04-16T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20462
published_at	2026-04-18T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20478
published_at	2026-04-01T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20623
published_at	2026-04-02T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20681
published_at	2026-04-04T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2041
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000095

reference_url

https://jenkins.io/security/advisory/2017-07-10

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2017-07-10

reference_url	https://jenkins.io/security/advisory/2017-07-10/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-07-10/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1471060
reference_id	1471060
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1471060

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:script_security:1.34:::::jenkins::
reference_id	cpe:2.3:a:jenkins:script_security:1.34:::::jenkins::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:script_security:1.34:::::jenkins::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000095

reference_id

CVE-2017-1000095

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000095

reference_url

https://github.com/advisories/GHSA-m68x-cc2f-gr5h

reference_id

GHSA-m68x-cc2f-gr5h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m68x-cc2f-gr5h

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins/script-security@1.29.1
purl	pkg:maven/org.jenkins-ci.plugins/script-security@1.29.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/script-security@1.29.1

url	pkg:maven/org.jenkins-ci.plugins/script-security@1.35
purl	pkg:maven/org.jenkins-ci.plugins/script-security@1.35
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/script-security@1.35

aliases CVE-2017-1000095, GHSA-m68x-cc2f-gr5h

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cskh-ruh2-6yew

url VCID-ryww-xu2p-73g4

vulnerability_id VCID-ryww-xu2p-73g4

summary

Incorrect Permission Assignment for Critical Resource
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000107.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000107.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000107

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.50876
published_at	2026-04-21T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50795
published_at	2026-04-07T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50852
published_at	2026-04-08T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.5085
published_at	2026-04-09T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50891
published_at	2026-04-16T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50869
published_at	2026-04-12T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50853
published_at	2026-04-13T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50897
published_at	2026-04-18T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50755
published_at	2026-04-01T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50812
published_at	2026-04-02T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.50838
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000107

reference_url

https://jenkins.io/security/advisory/2017-08-07

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2017-08-07

reference_url	https://jenkins.io/security/advisory/2017-08-07/
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2017-08-07/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1482091
reference_id	1482091
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1482091

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:script_security:1.30:::::jenkins::
reference_id	cpe:2.3:a:jenkins:script_security:1.30:::::jenkins::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jenkins:script_security:1.30:::::jenkins::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000107

reference_id

CVE-2017-1000107

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000107

reference_url

https://github.com/advisories/GHSA-h7rx-r733-7x7r

reference_id

GHSA-h7rx-r733-7x7r

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h7rx-r733-7x7r

fixed_packages

url	pkg:maven/org.jenkins-ci.plugins/script-security@1.31
purl	pkg:maven/org.jenkins-ci.plugins/script-security@1.31
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/script-security@1.31

url	pkg:maven/org.jenkins-ci.plugins/script-security@1.35
purl	pkg:maven/org.jenkins-ci.plugins/script-security@1.35
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/script-security@1.35

aliases CVE-2017-1000107, GHSA-h7rx-r733-7x7r

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ryww-xu2p-73g4

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/script-security@1.35

Package Instance