Script Security

Previous Security Warnings

• Groovy sandbox protection incomplete

  • Affects version 1.18 and earlier

• Unsafe methods in the default list of approved signatures

  • Affects version 1.29 and earlier

• Multiple sandbox bypasses

  • Affects version 1.30 and earlier

• Arbitrary file read vulnerability

  • Affects version 1.36 and earlier

• Script Security sandbox bypass

  • Affects version 1.47 and earlier

• Script Security sandbox bypass

  • Affects version 1.49 and earlier

• Script Security sandbox bypass

  • Affects version 1.50 and earlier

• Script Security sandbox bypass

  • Affects version 1.52 and earlier

• Script security sandbox bypass

  • Affects version 1.53 and earlier

• Script Security sandbox bypass

  • Affects version 1.55 and earlier

• Sandbox bypass through type casts

  • Affects version 1.61 and earlier

• Sandbox bypass through method pointer expressions

  • Affects version 1.61 and earlier

• Sandbox bypass vulnerability

  • Affects version 1.62 and earlier

• Sandbox bypass vulnerability

  • Affects version 1.64 and earlier

• Sandbox bypass vulnerability

  • Affects version 1.67 and earlier

• Sandbox bypass vulnerability

  • Affects version 1.69 and earlier

• Sandbox bypass vulnerability

  • Affects version 1.70 and earlier

• Stored XSS vulnerability

  • Affects version 1.72 and earlier

• Sandbox bypass vulnerability

  • Affects version 1.74 and earlier

• CSRF vulnerability

  • Affects version 1158.v7c1b_73a_69a_08 and earlier

• Sandbox bypass vulnerability

  • Affects version 1183.v774b_0b_0a_a_451 and earlier

• Whole-script approval vulnerable to SHA-1 collisions

  • Affects version 1189.vb_a_b_7c8fd5fde and earlier

• Sandbox bypass vulnerability

  • Affects version 1228.vd93135a_2fb_25 and earlier

• Multiple sandbox bypass vulnerabilities

  • Affects version 1335.vf07d9ce377a_e and earlier

• Missing permission check

  • Affects version 1367.vdf2fc45f229c and earlier