11 matches found
Arbitrary Code Execution
de.tum.in.ase: artemis-java-test-sandbox is vulnerable to Arbitrary Code Execution. The vulnerability is due to missing class sanitization during the creation of special subclasses of type InvocationTargetException. An attacker can execute arbitrary student code in the trusted context...
Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-883x-6fch-6wjx. This link is maintained to preserve external references. Original Description Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a speci...
GHSA-23RX-79R7-6CPX Duplicate Advisory: Sandbox escape in Artemis Java Test Sandbox
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-883x-6fch-6wjx. This link is maintained to preserve external references. Original Description Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a speci...
CVE-2024-23683
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...
CVE-2024-23683
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...
Code injection
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...
CVE-2024-23683
Affected product: Artemis Java Test Sandbox. Versions
CVE-2024-23683 Artemis Java Test Sandbox InvocationTargetException Subclass Escape
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...
Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in Ares
Impact This allows an attacker to create special subclasses of InvocationTargetException that escape the exception sanitization because JUnit extracts the cause in a trusted context before the exception reaches Ares. This means that arbitrary student code can be executed in a trusted context, and...
GHSA-883X-6FCH-6WJX Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in Ares
Impact This allows an attacker to create special subclasses of InvocationTargetException that escape the exception sanitization because JUnit extracts the cause in a trusted context before the exception reaches Ares. This means that arbitrary student code can be executed in a trusted context, and...
PT-2022-28164 · Unknown · Artemis Java Test Sandbox
Name of the Vulnerable Software and Affected Versions: Artemis Java Test Sandbox versions less than 1.7.6 Description: The issue allows an attacker to create special subclasses of InvocationTargetException that escape the exception sanitization. This enables arbitrary student code to be executed ...