{"url":"http://public2.vulnerablecode.io/api/packages/62658?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/job-dsl@1.72","type":"maven","namespace":"org.jenkins-ci.plugins","name":"job-dsl","version":"1.72","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43650?format=json","vulnerability_id":"VCID-hfht-vs3y-tyem","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in `job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy`, `job-dsl-plugin/build.gradle`, `job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslallow` `list.groovy`, `job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy` that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0739","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0739"},{"reference_url":"https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342","reference_id":"","reference_type":"","scores":[],"url":"https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342"},{"reference_url":"http://www.securityfocus.com/bid/107476","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107476"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003034","reference_id":"CVE-2019-1003034","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1003034"},{"reference_url":"https://github.com/advisories/GHSA-5r74-pgmq-92mm","reference_id":"GHSA-5r74-pgmq-92mm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5r74-pgmq-92mm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62658?format=json","purl":"pkg:maven/org.jenkins-ci.plugins/job-dsl@1.72","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/job-dsl@1.72"}],"aliases":["CVE-2019-1003034","GHSA-5r74-pgmq-92mm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfht-vs3y-tyem"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/job-dsl@1.72"}