CVE-2024-23682

Summary

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.

Affected Software

VendorProductVersion RangeStatus
0 < 1.8.0affected

Weaknesses

  • CWE-501: CWE-501 Trust Boundary Violation
  • CWE-653: CWE-653 Improper Isolation or Compartmentalization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References