Highlights
Sandbox Escape: 30 prior fixes. Scrutinize any change in this area.
src/main/java/delight/rhinosandox/internal/RhinoSandboxImpl.java: most-fixed (18 issues). Treat as high-risk during review.
28 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Sandbox Escape: Untrusted scripts can access dangerous Java reflection methods (getClass, getClassLoader, forName) on wrapped Java objects to execute arbitrary code outside the sandbox. Historically, multiple fixes were required to block these property access vectors on Java object wrappers.
Sandbox Escape: ClassShutter restrictions and secure WrapFactory settings were historically missing or only partially applied during subsequent evaluations, allowing script execution paths to resolve and load arbitrary Java classes.
Sandbox Escape: Failure to seal the global and parent scope objects allowed untrusted scripts to manipulate shared prototypes or global definitions to pollute the execution context and break out of the sandbox.