18 matches found
EUVD-2022-3963
Malicious code in bioql PyPI...
SUSE CVE-2017-1000107
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...
jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
Sandbox Restrictions Bypass
jenkins-script-security-plugin is vulnerable to sandbox restrictions bypass. An attacker is able to bypass the sandbox protection via malicious constructor calls and constructor bodies...
jenkins-script-security-plugin: sandbox protection bypass via crafted constructor calls and crafted constructor bodies
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
CVE-2020-2134
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...
PT-2020-15344 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.70 and earlier Description: The sandbox protection in the Jenkins Script Security Plugin could be circumvented through crafted method calls on objects that implement GroovyInterceptable, or through...
PT-2020-15343 · Jenkins · Jenkins Script Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.70 and earlier Description: The sandbox protection in the Jenkins Script Security Plugin could be circumvented through crafted constructor calls and bodies, as well as crafted method calls on objects...
jenkins-plugin-script-security: Sandbox bypass through type casts in Script Security Plugin
A flaw was found in Jenkins Script Security plugin. Sandbox protection could be circumvented by casting crafted objects to other types allowing an attacker to specify sandboxed scripts to invoke constructors that weren't previously whitelisted. The highest threat from this vulnerability is to dat...
CVE-2016-5171
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted JavaScript code...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119)
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...