RubySec

Providing security resources for the Ruby community

OSVDB-106279 (jruby-sandbox): jruby-sandbox Java Class Importation Sandbox Bypass

ADVISORIES

GEM

jruby-sandbox

PLATFORM

JRuby

PATCHED VERSIONS

  • >= 0.2.3

DESCRIPTION

jruby-sandbox contains a flaw that is triggered when importing Java Classes. This may allow a remote attacker to bypass the sandbox for code execution.

RELATED

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories