Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google)
Dec 06 2014 03:37PM
Security Explorations (contact security-explorations com)
We discovered multiple security issues in Google App Engine that allow
for a complete Java VM security sandbox escape.
There are more issues pending verification - we estimate them to be in
the range of 30+ in total.
Quick summary of our developments so far:
- we bypassed GAE whitelis...
[ more ]
Copyright 2010, SecurityFocus