CVE-2018-16367

Name of the Vulnerable Software and Affected Versions OnlineJudge version 2.0

Description The issue concerns an incorrect access control vulnerability in the sandbox of OnlineJudge. This vulnerability allows a user to write a file anywhere, including writing a directory listing to /tmp. Furthermore, it enables the leakage of file data through the use of #include.

Recommendations For OnlineJudge version 2.0, consider restricting access to the sandbox functionality to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the #include directive in the affected areas to prevent file data leakage.