Search for packages
| purl | pkg:maven/org.jenkins-ci.plugins/script-security@1.49 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2qhb-fu9x-k7bd
Aliases: CVE-2019-1003001 GHSA-6q78-6xvr-26fg |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. |
Affected by 1 other vulnerability. |
|
VCID-a6ur-dzqs-hfge
Aliases: CVE-2019-1003000 GHSA-784j-h234-m56x |
Code Injection A sandbox bypass vulnerability exists in Script Security Plugin that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:01:21.237721+00:00 | GHSA Importer | Affected by | VCID-2qhb-fu9x-k7bd | https://github.com/advisories/GHSA-6q78-6xvr-26fg | 38.0.0 |
| 2026-04-01T16:01:21.204795+00:00 | GHSA Importer | Affected by | VCID-a6ur-dzqs-hfge | https://github.com/advisories/GHSA-784j-h234-m56x | 38.0.0 |
| 2026-04-01T12:50:11.112584+00:00 | GitLab Importer | Affected by | VCID-2qhb-fu9x-k7bd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/script-security/CVE-2019-1003001.yml | 38.0.0 |
| 2026-04-01T12:48:15.987332+00:00 | GitLab Importer | Affected by | VCID-a6ur-dzqs-hfge | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/script-security/CVE-2019-1003000.yml | 38.0.0 |