Maven package
de.tum.in.ase/artemis-java-test-sandbox
pkg:maven/de.tum.in.ase/artemis-java-test-sandbox
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-23681 | — | | | < 1.11.2 | 1.11.2 | Jan 19, 2024 | Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. |
| CVE-2024-23683 | — | | | < 1.7.6 | 1.7.6 | Jan 19, 2024 | Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. |
| CVE-2024-23682 | — | | | < 1.8.0 | 1.8.0 | Jan 19, 2024 | Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. |