Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue - allowGetClass(false) can be bypassed using incorrect casing #435

Closed
cnogueira opened this issue Apr 16, 2019 · 1 comment
Closed

Security issue - allowGetClass(false) can be bypassed using incorrect casing #435

cnogueira opened this issue Apr 16, 2019 · 1 comment
Milestone
3.0.9

Comments

@cnogueira
Copy link
Contributor

Pebble can be configured to forbid access to java's class object through allowGetClass flag. Which by default in 3.+ is set to false. However, this can be bypassed by using any combination of casing that does not match the one from java. i.e.

  • {{ object.class }} <- will throw ClassAccessException
  • {{ object.getClass }} <- will throw ClassAccessException
  • {{ object.CLASS }} ⚠️
  • {{ object.Class }} ⚠️
  • {{ object.getclass }} ⚠️
@cnogueira cnogueira mentioned this issue Apr 16, 2019
Merged
@cnogueira
Copy link
Contributor Author

Added #436 PR to address the issue.

@ebussieres ebussieres added this to the 3.0.9 milestone Apr 16, 2019
@securityMB securityMB mentioned this issue Jul 15, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.0.9
Development

No branches or pull requests
2 participants
@cnogueira @ebussieres