| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:groovy | maven | <= 2.1 | 2.2 |
The vulnerability stems from the script validation endpoint in StringScriptSource.java, which called GroovyShell.parse() on user-supplied input without sandbox protection, so script code could run during the compilation and parsing phases rather than only at execution time. The commit diff replaces the direct GroovyShell usage with GroovySandbox.checkScriptForCompilationErrors, and the accompanying test case shows that a script's constructor is no longer executed during validation. The advisory specifically names this file, and identifies unsafe script evaluation during parsing/compilation as the vulnerability mechanism.
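As an added illustration (not the plugin's own code), the unsafe validation pattern next to the hardened form the advisory describes; the class and method names here are hypothetical, and the parameter list of checkScriptForCompilationErrors is assumed from script-security's public API.

```java
import groovy.lang.GroovyShell;
import hudson.util.FormValidation;
import org.codehaus.groovy.control.CompilationFailedException;
import org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox;
import org.kohsuke.stapler.QueryParameter;

// Hypothetical Stapler-exposed descriptor, used only to contrast the two patterns.
public class ScriptSourceValidation {

    // BEFORE (vulnerable pattern): a plain GroovyShell parses untrusted form input.
    // GroovyShell.parse() compiles the text and instantiates the resulting Script,
    // so user-controlled code can already run during compilation/instantiation
    // even though the caller only intended a syntax check.
    public FormValidation doCheckScriptUnsafe(@QueryParameter String value) {
        try {
            new GroovyShell().parse(value);   // compile + instantiate outside any sandbox
            return FormValidation.ok();
        } catch (CompilationFailedException e) {
            return FormValidation.error(e.getMessage());
        }
    }

    // AFTER (hardened pattern, as described for groovy plugin 2.2): delegate the
    // syntax check to script-security, which compiles under the sandbox so that
    // only compilation errors are reported and no script code (constructors,
    // static initialisers) runs as a side effect of validation.
    public FormValidation doCheckScriptSafe(@QueryParameter String value) {
        if (value == null || value.trim().isEmpty()) {
            return FormValidation.ok();
        }
        // Assumed signature: checkScriptForCompilationErrors(String script, GroovyShell shell)
        return GroovySandbox.checkScriptForCompilationErrors(value, new GroovyShell());
    }
}
```

When reviewing other plugins for the same class of bug, the pattern to look for is any `do*` form-validation method that hands `@QueryParameter` text straight to `GroovyShell.parse()` or `evaluate()`; those are the call sites that should route through script-security instead.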