OSVDB-106279: Security bypass using Java imports

April 25, 2014

An attacker can Import Java classes to circumvent the security protections and execute arbitrary code outside the sandboxed environment.

References

packetstormsecurity.com/files/126317/JRuby-Sandbox-0.2.2-Bypass.html
seclists.org/fulldisclosure/2014/Apr/att-264/jruby-sandbox.txt

Detect and mitigate OSVDB-106279 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →