Caja-HTML-Sanitizer icon indicating copy to clipboard operation
Caja-HTML-Sanitizer copied to clipboard

Published 20 hours ago verified publisher icon theSmaw

(URGENT) Caja breakout

Open joepie91 opened this issue 8 years ago • 1 comments

Two vulnerabilities have been found in Caja, and a patched version has been released.

In their words:

This is a complete breach of the Caja sandbox. All users should immediately upgrade to Caja v6008 or later.

joepie91 avatar Apr 22 '16 23:04 joepie91

Thanks for this.

I believe this falls out of the scope of the sanitizer contained within this module. We're only wrapping https://github.com/google/caja/blob/master/src/com/google/caja/plugin/html-sanitizer.js here, which hasn't been updated since Feb 2016.

theSmaw avatar Apr 25 '16 15:04 theSmaw