5 matches found
JRuby Sandbox 0.2.2 - Sandbox Escape
No description provided by source. Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 +-+++ Authors joernchen joernchen phenoelit de Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox = 0.2.2 https://github.com/omghax/jruby-sandbox Vendor communication 2014-04-22 Send...
JRuby Sandbox 0.2.2 - Sandbox Escape
jruby-sandbox aims to allow safe execution of user given Ruby code within a JRuby 0 runtime. However via import of Java classes it is possible to circumvent those protections and execute arbitrary code outside the sandboxed environment. Versions 0.2.2 and below are affected. Phenoelit Advisory...
JRuby Sandbox 0.2.2 - Sandbox Escape
Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval"Kernel.send :javaimport, 'java.lang.ProcessBuilder'" sand.eval"Kernel.send :javaimport, 'java.util.Scanner'" sand.eval"s =...
JRuby Sandbox 0.2.2 - Sandbox Escape
JRuby Sandbox 0.2.2 - Sandbox Escape Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval"Kernel.send :javaimport, 'java.lang.ProcessBuilder'" sand.eval"Kernel.send :javaimport,...
JRuby Sandbox 0.2.2 Bypass
Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval"Kernel.send :javaimport, 'java.lang.ProcessBuilder'" sand.eval"Kernel.send :javaimport, 'java.util.Scanner'" sand.eval"s =...