Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jenkins-ci.plugins/script-security@1.50
purl pkg:maven/org.jenkins-ci.plugins/script-security@1.50
Next non-vulnerable version 1.51
Latest non-vulnerable version 1368.vb
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-ct1b-eyhf-tban
Aliases:
CVE-2019-1003005
GHSA-x5jm-rj37-5qh7
Code Injection A sandbox bypass vulnerability exists in Jenkins Script Security Plugin in `src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java` that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
1.51
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-2qhb-fu9x-k7bd Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. CVE-2019-1003001
GHSA-6q78-6xvr-26fg
VCID-a6ur-dzqs-hfge Code Injection A sandbox bypass vulnerability exists in Script Security Plugin that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM. CVE-2019-1003000
GHSA-784j-h234-m56x

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:01:21.241078+00:00 GHSA Importer Fixing VCID-2qhb-fu9x-k7bd https://github.com/advisories/GHSA-6q78-6xvr-26fg 38.0.0
2026-04-01T16:01:21.208057+00:00 GHSA Importer Fixing VCID-a6ur-dzqs-hfge https://github.com/advisories/GHSA-784j-h234-m56x 38.0.0
2026-04-01T13:10:51.924276+00:00 GithubOSV Importer Fixing VCID-2qhb-fu9x-k7bd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6q78-6xvr-26fg/GHSA-6q78-6xvr-26fg.json 38.0.0
2026-04-01T13:08:21.573141+00:00 GithubOSV Importer Fixing VCID-a6ur-dzqs-hfge https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-784j-h234-m56x/GHSA-784j-h234-m56x.json 38.0.0
2026-04-01T12:50:11.114350+00:00 GitLab Importer Fixing VCID-2qhb-fu9x-k7bd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/script-security/CVE-2019-1003001.yml 38.0.0
2026-04-01T12:48:17.076068+00:00 GitLab Importer Affected by VCID-ct1b-eyhf-tban https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/script-security/CVE-2019-1003005.yml 38.0.0
2026-04-01T12:48:15.989355+00:00 GitLab Importer Fixing VCID-a6ur-dzqs-hfge https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/script-security/CVE-2019-1003000.yml 38.0.0