Unknown · Artemis Java Test Sandbox · CVE-2024-23683
**Name of the Vulnerable Software and Affected Versions**
Artemis Java Test Sandbox versions less than 1.7.6
**Description**
The sandbox's exception sanitization treats `InvocationTargetException` (the wrapper that the reflection API throws around any exception raised by invoked code) as trusted and lets it pass through unchanged. An attacker who controls the supposedly sandboxed student code can therefore throw a custom subclass of `InvocationTargetException`, and that attacker-defined object survives sanitization. Because the subclass is student code, its overridden methods run whenever trusted code later touches the object, so student code executes in the trusted context. From there the attacker can disable the sandbox's security measures and execute arbitrary Java code on the machine that runs the supposedly sandboxed code, for example a grading server.
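The following is an added illustration of the bug class described above; it is hypothetical example code, not the sandbox's own sanitizer or patch. It models a sandbox that invokes student code reflectively, "sanitizes" the resulting throwable and then lets trusted code inspect it. The static `sandboxed` flag, the class names and the `sanitizeVulnerable`/`sanitizeHardened` helpers are all assumptions made for the demonstration.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.function.Function;

// Hypothetical model of a Java test sandbox, not Ares's own code.
public class ExceptionSanitizerDemo {

    // Stand-in for "security measures are active" (assumption for the demo).
    static boolean sandboxed = true;

    // Attacker-controlled student class. Any virtual method the trusted side
    // calls on this object (getMessage, getCause, getStackTrace, toString, ...)
    // runs student code in the trusted context; here getMessage() is overridden.
    public static final class StudentException extends InvocationTargetException {
        StudentException() { super(new RuntimeException("real failure")); }

        @Override
        public String getMessage() {
            sandboxed = false;          // stands in for "disable security measures"
            return "looks harmless";
        }
    }

    // Student code that the sandbox invokes reflectively.
    public static class StudentCode {
        public static void run() throws Exception { throw new StudentException(); }
    }

    // VULNERABLE: an instanceof check assumes every InvocationTargetException
    // came from the JDK's reflection layer, so a student subclass passes through.
    static Throwable sanitizeVulnerable(Throwable t) {
        if (t instanceof InvocationTargetException) {
            return t;                   // attacker's object survives sanitization
        }
        return t.getClass().getClassLoader() == null ? copyJdk(t) : opaque(t);
    }

    // HARDENED: only the exact JDK class is special-cased, and its target is
    // sanitized recursively; everything else is handled by class loader origin.
    static Throwable sanitizeHardened(Throwable t) {
        if (t.getClass() == InvocationTargetException.class) {
            Throwable target = ((InvocationTargetException) t).getTargetException();
            return new InvocationTargetException(sanitizeHardened(target));
        }
        return t.getClass().getClassLoader() == null ? copyJdk(t) : opaque(t);
    }

    // A bootstrap-loaded (JDK) class cannot carry student overrides, so calling
    // its methods is safe. Causes are dropped rather than copied.
    static Throwable copyJdk(Throwable t) {
        RuntimeException copy = new RuntimeException(t.getClass().getName() + ": " + t.getMessage());
        copy.setStackTrace(t.getStackTrace());
        return copy;
    }

    // For a class from any other loader, call no virtual method on the object at
    // all; Object.getClass() is final, so only the class name is taken from it.
    static Throwable opaque(Throwable t) {
        return new RuntimeException("untrusted exception type " + t.getClass().getName());
    }

    // Trusted code running after the sandbox is lifted; it calls a virtual method.
    static void trustedInspect(Throwable t) {
        System.out.println("student code failed with: " + t.getMessage());
    }

    // Runs the student code under the (simulated) sandbox with the given sanitizer
    // and reports whether the security measures are still active afterwards.
    static boolean runStudent(Function<Throwable, Throwable> sanitizer) throws Exception {
        sandboxed = true;
        Method m = StudentCode.class.getMethod("run");
        try {
            m.invoke(null);
        } catch (InvocationTargetException reflectiveWrapper) {
            // Unwrap the JDK wrapper; its target is the student's own throwable.
            Throwable sanitized = sanitizer.apply(reflectiveWrapper.getTargetException());
            trustedInspect(sanitized);  // with the vulnerable sanitizer, student code runs here
        }
        return sandboxed;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("vulnerable sanitizer, sandbox intact: " + runStudent(ExceptionSanitizerDemo::sanitizeVulnerable));
        System.out.println("hardened sanitizer, sandbox intact: " + runStudent(ExceptionSanitizerDemo::sanitizeHardened));
    }
}
```

With `sanitizeVulnerable` the student's `StudentException` reaches `trustedInspect`, whose call to `getMessage()` executes the overridden method and clears the flag; with `sanitizeHardened` the object is replaced by a plain `RuntimeException` built from its class name only, so no student method ever runs outside the sandbox. The two sanitizers differ only in the `instanceof` branch, which is the pattern to look for in any exception-handling code that sits on a trust boundary.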
**Recommendations**
Update to version 1.7.6 or later.
As a temporary workaround until the update is applied, forbid student classes in trusted packages, including `de.tum.in.test.api.security.notsealedsubpackage`, so that student code cannot place classes where the sandbox treats them as trusted.
Until the issue is resolved, do not rely on catching or unwrapping `InvocationTargetException` in trusted code as a sanitization step: any throwable whose class was defined by student code, including subclasses of `InvocationTargetException`, must be treated as untrusted and replaced rather than passed through.