Google Apps Script is a nice service that allows to automate tasks and add features in some Google services.In order to achieve this, it uses Rhino, which runs on Java.
There was a catch though, Google Apps Scripts implements a white-list of which Java objects can be accessed, most of the objects returned by interesting getClass methods were not in that white-list, so I could not exploit almost anything.
2016-08-15, 10:52 PM - Initial report2016-08-16, 09:22 AM - Report triaged
2016-08-17, 10:22 AM - Bug filed
2016-08-23, 12:35 PM - Reward of $500 issued - My first Google VRP reward :)
2016-08-26, 01:24 PM - Bug fixed and verified