Groovy scripts and formulas can escape sandbox

From Freeplane - free mind mapping and knowledge management software
Revision as of 09:11, 23 April 2017 by Dimitry (talk | contribs)

Reported on 2017/02/19

Fix released on 2017/04/15

Reported by Adrián Bravo Navarro, https://www.linkedin.com/in/adrianbn

Description of Vulnerability

Scripts and formulas can escape security sandbox and take full control over computer calling private methods of security relevant classes from java.lang .

Retrieved from "https://www.freeplane.org/oldwiki/index.php?title=Groovy_scripts_and_formulas_can_escape_sandbox&oldid=6026"