CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32980 – Spin contains a potential network sandbox escape for specifically configured Spin applications
https://notcve.org/view.php?id=CVE-2024-32980
08 May 2024 — Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable: 1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and ... • https://github.com/fermyon/spin/commit/b3db535c9edb72278d4db3a201f0ed214e561354 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34347 – @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
https://notcve.org/view.php?id=CVE-2024-34347
08 May 2024 — Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. ... In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts interactions with environment variables and more. But this also allows the pre-request script to escape the sandbox. ... Antes de 0.8.0, el paquete @hoppscotch/js-sandbox proporciona un entorno limitado de Javascript que... • https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-34145 – jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes
https://notcve.org/view.php?id=CVE-2024-34145
02 May 2024 — A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Una vulnerabilidad de omisión de la sandbox que involucra clases definidas en l... • http://www.openwall.com/lists/oss-security/2024/05/02/3 • CWE-290: Authentication Bypass by Spoofing CWE-693: Protection Mechanism Failure •
CVSS: 9.8EPSS: 43%CPEs: 3EXPL: 1CVE-2024-34144 – jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies
https://notcve.org/view.php?id=CVE-2024-34144
02 May 2024 — A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Una vulnerabilidad de omisión de la sandbox que involucra cuerpos de constructores manipulados en Jenkins Script Security Plugin 1335.vf07d... • https://github.com/MXWXZ/CVE-2024-34144 • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 94%CPEs: 2EXPL: 18CVE-2024-4040 – CrushFTP VFS Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-4040
22 Apr 2024 — A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. VFS Sandbox Escape en CrushFTP en todas las versiones anteriores a 10.7.1 y 11.1.0 en todas las plataformas permite a atacantes remotos con privilegi... • https://packetstorm.news/files/id/180590 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-32462 – Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing
https://notcve.org/view.php?id=CVE-2024-32462
18 Apr 2024 — When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. ... Cuando esto se convierte en un `--command` y argumentos, logra el mismo efecto de pasar argumentos directamente a `bwrap` y, por lo tanto, puede usarse para un escape sandbox. ... This is normally safe because it can... • http://www.openwall.com/lists/oss-security/2024/04/18/5 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29021 – SSRF into Sandbox Escape through Unsafe Default Configuration
https://notcve.org/view.php?id=CVE-2024-29021
18 Apr 2024 — The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). • https://github.com/judge0/judge0/blob/ad66f77b131dbbebf2b9ff8083dca9a68680b3e5/app/jobs/isolate_job.rb#L203-L230 • CWE-918: Server-Side Request Forgery (SSRF) CWE-1393: Use of Default Password •
CVSS: 10.0EPSS: 64%CPEs: 1EXPL: 1CVE-2024-28189 – Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
https://notcve.org/view.php?id=CVE-2024-28189
18 Apr 2024 — The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1. ... Judge0 does not ... • https://packetstorm.news/files/id/182718 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 10.0EPSS: 67%CPEs: 1EXPL: 1CVE-2024-28185 – Judge0 vulnerable to Sandbox Escape via Symbolic Link
https://notcve.org/view.php?id=CVE-2024-28185
18 Apr 2024 — The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. ... An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox. ... Al ejecutar un envío, Judge0 escribe un `run_script` en el directori... • https://packetstorm.news/files/id/182718 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3157 – Debian Security Advisory 5656-1
https://notcve.org/view.php?id=CVE-2024-3157
10 Apr 2024 — Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html • CWE-787: Out-of-bounds Write •