Groovy scripts and formulas can escape sandbox

From Freeplane - free mind mapping and knowledge management software
Revision as of 09:11, 23 April 2017 by Dimitry (talk | contribs)

Reported on 2017/02/19

Fix released on 2017/04/15

Reported by Adrián Bravo Navarro, https://www.linkedin.com/in/adrianbn

Description of Vulnerability

Scripts and formulas can escape security sandbox and take full control over computer calling private methods of security relevant classes from java.lang .