Severity: critical

Sandbox Bypass Leading to Arbitrary Code Execution

constantinople

Overview

Versions of constantinople prior to 3.1.1 are vulnerable to a sandbox bypass which can lead to arbitrary code execution.

Remediation

Update to version 3.1.1 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jul 12th, 2019
  2. reported

    Initial report by Forbes Lindesay
    Apr 20th, 2018