Sandbox Escape

Artemis Java Test Sandbox is vulnerable to Sandbox Escape. The vulnerability is caused due to missing checkLinkString override in the SecurityManager. This allows an attacker to load untrusted libraries and execute arbitrary Java code within the context of the application...

Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-883x-6fch-6wjx. This link is maintained to preserve external references. Original Description Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a speci...

GHSA-C4PG-5GGH-VCPP Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-98hq-4wmw-98w9. This link is maintained to preserve external references. Original Description Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted...

Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-227w-wv4j-67h4. This link is maintained to preserve external references. Original Description Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class...

GHSA-HJ55-9JMV-9JRJ Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-227w-wv4j-67h4. This link is maintained to preserve external references. Original Description Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class...

CVE-2024-23683

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

CVE-2024-23681 Artemis Java Test Sandbox Libary Load Escape

Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

CVE-2024-23681 Artemis Java Test Sandbox Libary Load Escape

Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

CVE-2024-23683

Affected product: Artemis Java Test Sandbox. Versions

CVE-2024-23683 Artemis Java Test Sandbox InvocationTargetException Subclass Escape

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

CVE-2024-23682 Artemis Java Test Sandbox Class Loading Escape

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox

Summary Because of the missing checkLinkString override in the SecurityManager, students can load libraries and execute arbitrary code. Details Using System.loadString or System.loadLibrary​String students can load and execute arbitrary code. java private static native void startList args; public...

PT-2023-32946 · Unknown · Artemis Java Test Sandbox

Name of the Vulnerable Software and Affected Versions: Artemis Java Test Sandbox versions prior to 1.11.2 Description: The issue allows an attacker to escape the sandbox by loading untrusted libraries using System.load or System.loadLibrary. This can lead to arbitrary Java code execution when a...

PT-2022-28163 · Apache · Maven Enforcer Plugin

Name of the Vulnerable Software and Affected Versions: Artemis Java Test Sandbox versions prior to 1.8.0 Description: The issue allows an attacker to escape the sandbox by including class files in a package that Ares trusts, enabling the execution of arbitrary Java code when a victim runs the...