Class Loading Vulnerability in Artemis

Impact This affects all Artemis users who test Java assignments. Ares is not required. Students code that gets automatically tested can run arbitrary code in the container, or arbitrary code on the machine of an assessor in case of manual correction. Patches The problem cannot be resolved easily ...

PT-2022-28163 · Apache · Maven Enforcer Plugin

Name of the Vulnerable Software and Affected Versions: Artemis Java Test Sandbox versions prior to 1.8.0 Description: The issue allows an attacker to escape the sandbox by including class files in a package that Ares trusts, enabling the execution of arbitrary Java code when a victim runs the...