Posted by Security Explorations on Dec 06

Hello All,

We discovered multiple security issues in Google App Engine that allow
for a complete Java VM security sandbox escape.

There are more issues pending verification – we estimate them to be in
the range of 30+ in total.

Quick summary of our developments so far:
– we bypassed GAE whitelisting of JRE classes / achieved complete Java VM
security sandbox escape (17 full sandbox bypass PoC codes exploiting 22
issues in total),
– we…