CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29021 – SSRF into Sandbox Escape through Unsafe Default Configuration
https://notcve.org/view.php?id=CVE-2024-29021
The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). ... La configuración predeterminada de Judge0 deja al servicio vulnerable a un escape de la zona de pruebas a través de Server Side Request Forgery (SSRF). • https://github.com/judge0/judge0/blob/ad66f77b131dbbebf2b9ff8083dca9a68680b3e5/app/jobs/isolate_job.rb#L203-L230 https://github.com/judge0/judge0/security/advisories/GHSA-q7vg-26pg-v5hr • CWE-918: Server-Side Request Forgery (SSRF) CWE-1393: Use of Default Password •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28189 – Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
https://notcve.org/view.php?id=CVE-2024-28189
The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. ... Un atacante puede abusar de esto creando un enlace simbólico (enlace simbólico) a un archivo fuera del entorno sandbox, lo que le permite ejecutar chown en archivos arbitrarios fuera del entorno sandbox. Esta vulnerabilidad no tiene un impacto por sí sola, pero se puede utilizar para omitir el parche CVE-2024-28185 y obtener un escape completo de la zona de pruebas. • https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232 https://github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd https://github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28185 – Judge0 vulnerable to Sandbox Escape via Symbolic Link
https://notcve.org/view.php?id=CVE-2024-28185
The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. ... An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox. ... Al ejecutar un envío, Judge0 escribe un `run_script` en el directorio sandbox. • https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L197-L201 https://github.com/judge0/judge0/commit/846d5839026161bb299b7a35fd3b2afb107992fc https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3157
https://notcve.org/view.php?id=CVE-2024-3157
Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High) El acceso a la memoria fuera de los límites en Compositing en Google Chrome anterior a 123.0.6312.122 permitía a un atacante remoto que había comprometido el proceso de la GPU realizar potencialmente un escape de la zona de pruebas mediante gestos específicos de la interfaz de usuario. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html https://issues.chromium.org/issues/331237485 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2024-2839 – Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-2839
El complemento Colibri Page Builder de WordPress es vulnerable a cross-site scripting almacenado a través del código corto 'colibri_post_title' del complemento en todas las versiones hasta la 1.0.263 incluida debido a una desinfección de entrada y a un escape de salida en atributos proporcionados por el usuario como 'heading_type' insuficientes. • https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape https://github.com/CYBER-WARRIOR-SEC/CVE-2024-28397-js2py-Sandbox-Escape https://plugins.trac.wordpress.org/changeset/3061940/colibri-page-builder/trunk/extend-builder/shortcodes/blog/post-item.php https://www.wordfence.com/threat-intel/vulnerabilities/id/c9466e5f-d8eb-4de4-a1d2-e5ef15bf1e4e? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •