The Rhino shell (which is what you get when you run "java -jar" on the
Rhino JAR) has a bunch of commands including one that lets you execute a
shell command. That's by design. People who are running Rhino in sensitive
environments should not be using that part of Rhino. If anyone has any idea
how to update the packaging or README to keep people from running into this
it'd be a great contribution.
Move the shell classes into a separate artefact depending on the core classes? A change to README doesn't keep anyone from running a main class that is part of the artefact.
Hi,
We've scanned the library with Veracode, and it found a very high vulnerability. The report is attached.
rhino.pdf
Regards,
Alexander Nikitin