A Server-Side Request Forgery (SSRF) vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. This could bypass access controls such as firewalls that prevent attackers from accessing the URLs...
CVSS: 8.1
AI Score: 8.1
EPSS: 0.006
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk...
CVSS: 6.5
AI Score: 6.4
EPSS: 0.001
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address...
CVSS: 9.8
AI Score: 9.3
EPSS: 0.012
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory...
CVSS: 6.5
AI Score: 6.7
EPSS: 0.003