CVE-2024-23681

Published Jan 19, 2024

Last updated 23 days ago

Overview

Description
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
Source
disclosure@vulncheck.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
8.2
Impact score
6
Exploitability score
1.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

disclosure@vulncheck.com
CWE-284
nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

Configurations