CVE-2024-23681
HIGH
Artemis Java Test Sandbox < 1.11.2 - Sandbox Escape via Untrusted Library Loading
Title source: llm
Description
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
References (3)
Core References
Exploit, Vendor Advisory vendor-advisory
https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9
Exploit, Third Party Advisory vendor-advisory
https://github.com/advisories/GHSA-98hq-4wmw-98w9
Third Party Advisory third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9
Scores
CVSS v3
8.2
EPSS
0.0034
EPSS Percentile
26.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (2)
de.tum.in.ase/artemis-java-test-sandbox
0 - 1.11.2 (Maven)
ls1intum/artemis_java_test_sandbox
< 1.11.2
Published
Jan 19, 2024
Tracked Since
Feb 18, 2026