CVE-2024-23683

HIGH

Artemis Java Test Sandbox <1.7.6 - Code Injection

Title source: llm
STIX 2.1

Description

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.

Scores

CVSS v3 8.2
EPSS 0.0036
EPSS Percentile 27.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-653
Status published
Products (2)
de.tum.in.ase/artemis-java-test-sandbox 0 - 1.7.6Maven
ls1intum/artemis_java_test_sandbox < 1.7.6
Published Jan 19, 2024
Tracked Since Feb 18, 2026