Google Cloud Application Integration Sandbox Escape Vulnerability in JavaScript Task

Vulnerability

A sandbox escape vulnerability has been identified in the JavaScript Task feature of Google Cloud Application Integration. This vulnerability allows an actor to execute arbitrary unsandboxed code by crafting specific JavaScript that is processed by the Rhino engine. Effective January 24, 2025, Google Cloud Application Integration will discontinue support for the Rhino engine, eliminating the vulnerability. Existing published JavaScript tasks can be manually migrated to use the V8 engine.

Impact

Exploitation of this vulnerability allows for arbitrary code execution outside of the intended sandbox environment, potentially leading to unauthorized actions or access within the application integration context.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google Cloud Application Integration Sandbox Escape Vulnerability in JavaScript Task

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating