6 matches found
CVE-2024-28189
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...
CVE-2024-28189
creationtimestamp| type| source ---|---|--- 2024-11-20 22:41:34+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/judge0sandboxescapecve202428189.rb 2025-02-06 03:13:46+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...
CVE-2024-28189
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...
CVE-2024-28189
Judge0 sandbox escape (CVE-2024-28189) arises when the sandbox writes run_script to its directory and an attacker uses a symbolic link to target files outside the sandbox. This allows chown to be executed on arbitrary outside-of-sandbox files, enabling a sandbox escape and potentially complete RC...
CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...
CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...