jruby-sandbox Java Class Importation Sandbox Bypass
Published: April 24, 2014
SECURITY IDENTIFIERS
- OSVDB: OSVDB-106279
- Vendor Advisory: https://security.snyk.io/vuln/SNYK-RUBY-JRUBYSANDBOX-20156
GEM
PLATFORM
PATCHED VERSIONS
>= 0.2.3
DESCRIPTION
jruby-sandbox contains a flaw that is triggered when importing Java classes. This may allow a remote attacker to bypass the sandbox and execute code.
