Description
Artemis Java Test Sandbox versions before 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java code when a victim executes the supposedly sandboxed code.
References (6)
Core References
Exploit, Vendor Advisory (vendor-advisory): https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx
Issue Tracking (issue-tracking): https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371
Release Notes (related): https://github.com/ls1intum/Ares/releases/tag/1.7.6
Exploit, Third Party Advisory (vendor-advisory): https://github.com/advisories/GHSA-883x-6fch-6wjx
Third Party Advisory (third-party-advisory): https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx
Scores
CVSS v3: 8.2
EPSS: 0.0036
EPSS Percentile: 27.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-653
Status: published
Products (2)
de.tum.in.ase/artemis-java-test-sandbox (Maven): 0 - 1.7.6
ls1intum/artemis_java_test_sandbox: < 1.7.6
Published: Jan 19, 2024
Tracked Since: Feb 18, 2026