[SE-2014-02] Google App Engine Java security sandbox bypasses (status update)

Posted by Security Explorations on Dec 16

Hello All,

We would like to provide a status update to the initial
announcement [1] made a week ago regarding our SE-2014-02
security research project targeting Google App Engine
for Java.

Information regarding vulnerabilities and associated PoC
codes (Issues 1-22 / unconfirmed Issues 23-35) was sent
to Google on Dec 07, 2014.

Google has been able to reproduce the issues locally, but
when tried in production some of them didn’t seem to…

Leave a Reply