CVE-2024-23681 – Artemis Java Test Sandbox Libary Load Escape
https://notcve.org/view.php?id=CVE-2024-23681
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. Las versiones de Artemis Java Test Sandbox anteriores a 1.11.2 son vulnerables a un escape de la sandbox cuando un atacante carga librerías que no son de confianza utilizando System.load o System.loadLibrary. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una víctima ejecuta el código supuestamente aislado. • https://github.com/advisories/GHSA-98hq-4wmw-98w9 https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9 https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9 • CWE-284: Improper Access Control •
CVE-2024-23683 – Artemis Java Test Sandbox InvocationTargetException Subclass Escape
https://notcve.org/view.php?id=CVE-2024-23683
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. Las versiones de Artemis Java Test Sandbox inferiores a 1.7.6 son vulnerables a un escape de la sandbox cuando un atacante crea una subclase especial de InvocationTargetException. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una víctima ejecuta el código supuestamente aislado. • https://github.com/advisories/GHSA-883x-6fch-6wjx https://github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392 https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371 https://github.com/ls1intum/Ares/releases/tag/1.7.6 https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx •
CVE-2024-23682 – Artemis Java Test Sandbox Class Loading Escape
https://notcve.org/view.php?id=CVE-2024-23682
Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. Las versiones de Artemis Java Test Sandbox anteriores a 1.8.0 son vulnerables a un escape de la sandbox cuando un atacante incluye archivos de clase en un paquete en el que Ares confía. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una víctima ejecuta el código supuestamente aislado. • https://github.com/advisories/GHSA-227w-wv4j-67h4 https://github.com/ls1intum/Ares/issues/15 https://github.com/ls1intum/Ares/releases/tag/1.8.0 https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4 https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4 • CWE-501: Trust Boundary Violation CWE-653: Improper Isolation or Compartmentalization •