Sandbox escape in Artemis Java Test Sandbox
High severity
GitHub Reviewed
Published
Jan 19, 2024
to the GitHub Advisory Database
•
Updated Jan 26, 2024
Package
Affected versions
< 1.11.2
Patched versions
1.11.2
Description
Published by the National Vulnerability Database
Jan 19, 2024
Published to the GitHub Advisory Database
Jan 19, 2024
Reviewed
Jan 22, 2024
Last updated
Jan 26, 2024
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
References