5 matches found
Sandbox Bypass
Jenkins Script Security Plugin is vulnerable to Sandbox Bypass. The vulnerability exists during the casting of array-like values to array types that intercepts per-element casts, which allows an attacker to bypass sandbox restrictions and execute arbitrary code...
Jenkins Script Security Plugin sandbox bypass vulnerability
A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...
PT-2022-26887 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1183.v774b0b0aa451 and earlier
Description: A sandbox bypass issue involves casting an array-like value to an array type, allowing attackers with permission to define and run sandboxed scripts,...
Design/Logic Flaw
All versions of package pg-native and all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in...
Denial of Service (DoS)
Overview: pg-native is a high-performance native binding between Node.js and PostgreSQL via libpq with a simple API. Affected versions of this package are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array...