Stacksparrow4

#9543of 53,622
29Total CVSS
Vulnerabilities · 3
Critical
3
PT-2024-22318
10
2024-04-18
Judge0 · Judge0 · CVE-2024-28185
**Name of the Vulnerable Software and Affected Versions** Judge0 (affected versions not specified) **Description** The issue concerns an open-source online code execution system. It does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, the system writes a `run script` to the sandbox directory. An attacker can create a symbolic link (symlink) at the path `run script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. This can be used to overwrite scripts on the system and gain code execution outside of the sandbox. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-22322
10
2024-04-18
Judge0 · Judge0 · CVE-2024-28189
**Name of the Vulnerable Software and Affected Versions** Judge0 versions prior to 1.13.1 **Description** The issue arises from the application's use of the UNIX `chown` command on an untrusted file within the sandbox. An attacker can exploit this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run `chown` on arbitrary files outside of the sandbox. This can be used to bypass a previous patch and obtain a complete sandbox escape. **Recommendations** For versions prior to 1.13.1, update to version 1.13.1 to resolve the issue. As a temporary workaround, consider restricting the use of the `chown` command within the sandbox until the update is applied.
PT-2024-22675
9
2024-04-18
Judge0 · Judge0 · CVE-2024-29021
**Name of the Vulnerable Software and Affected Versions** Judge0 versions prior to 1.13.1 **Description** The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the target machine. **Recommendations** For versions prior to 1.13.1, update to version 1.13.1 to resolve the issue. As a temporary workaround, consider restricting access to the Judge0 API to minimize the risk of exploitation.