CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 2CVE-2024-23681 – Artemis Java Test Sandbox Libary Load Escape
https://notcve.org/view.php?id=CVE-2024-23681
19 Jan 2024 — Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. Las versiones de Artemis Java Test Sandbox anteriores a 1.11.2 son vulnerables a un escape de la sandbox cuando un atacante carga librerías que no son de confianza utilizando System.load o System.loadLibrary. Un atacante puede abus... • https://github.com/advisories/GHSA-98hq-4wmw-98w9 • CWE-284: Improper Access Control •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 2CVE-2024-23683 – Artemis Java Test Sandbox InvocationTargetException Subclass Escape
https://notcve.org/view.php?id=CVE-2024-23683
19 Jan 2024 — Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. Las versiones de Artemis Java Test Sandbox inferiores a 1.7.6 son vulnerables a un escape de la sandbox cuando un atacante crea una subclase especial de InvocationTargetException. Un atacante puede abusar de este problema para ejecutar Java... • https://github.com/advisories/GHSA-883x-6fch-6wjx •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 2CVE-2024-23682 – Artemis Java Test Sandbox Class Loading Escape
https://notcve.org/view.php?id=CVE-2024-23682
19 Jan 2024 — Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. Las versiones de Artemis Java Test Sandbox anteriores a 1.8.0 son vulnerables a un escape de la sandbox cuando un atacante incluye archivos de clase en un paquete en el que Ares confía. Un atacante puede abusar de este problema para ejecutar Java ... • https://github.com/advisories/GHSA-227w-wv4j-67h4 • CWE-501: Trust Boundary Violation CWE-653: Improper Isolation or Compartmentalization •