[ http://jira.jboss.com/jira/browse/JBESB-1561?page=all ]
Martin Vecera updated JBESB-1561:
---------------------------------
Description:
GroovyActionProcess allows execution of malicious code. This code can be sent via esb
message. See attached example (modified QS).
Credit goes to Jirka Pechanec for this great idea!
Proposed solution: code support for SecurityManager.
was:
GroovyActionProcess allows execution of malicious code. This code can be sent via esb
message. See attached example (modified QS).
Credit goes to Jirka Pechanec for this great idea!
Priority: Critical (was: Major)
Groovy security compromised
---------------------------
Key: JBESB-1561
URL: http://jira.jboss.com/jira/browse/JBESB-1561
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta, Adapters
Affects Versions: 4.2.1 CP1
Reporter: Martin Vecera
Priority: Critical
Attachments: malgroovy.tgz
GroovyActionProcess allows execution of malicious code. This code can be sent via esb
message. See attached example (modified QS).
Credit goes to Jirka Pechanec for this great idea!
Proposed solution: code support for SecurityManager.