13 matches found
SUSE CVE-2017-1000107
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
GHSA-3PV3-JJ4H-P528 Sandbox bypass vulnerability in Jenkins Script Security Plugin
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
GHSA-7WFC-X4F7-GG2X Code injection in Apache Dubbo
Apache Dubbo prior to 2.7.9 supports Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary...
GHSA-R577-4HQ7-73QH Remote Code Execution in Apache Dubbo
Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (e.g. Zookeeper, Nacos, ...) and retrieved by the customers when making a request in order to find the right endpoint. When parsing...
CVE-2021-36162 Unprotected yaml deserialization cause RCE
Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo). These rules are loaded into the configuration center (e.g. Zookeeper, Nacos, ...) and retrieved by the customers when making a request in order to find the right endpoint. When parsing...
CVE-2021-30180
Apache Dubbo prior to 2.7.9 supports Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary...
Apache Dubbo environment issue vulnerability
Apache Dubbo is a lightweight Java-based RPC (Remote Procedure Call) framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A security vulnerability previousl...
CVE-2019-1003041
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
CVE-2019-1003041
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
CVE-2019-1003040
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
CVE-2019-1003040
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...
CVE-2019-1003041
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...