This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Judge0 CE allows attackers to escape the sandbox via symbolic links. **Consequences**: Arbitrary code execution outside the isolated environment, and total loss of isolation integrity.
Q2 Root cause? (CWE/Flaw)
**CWE-61**: Symbolic Link Following. **Flaw**: The app runs UNIX commands on untrusted files inside the sandbox and fails to prevent those files from being links to paths outside it.
**Privileges**: Execute code **outside** the sandbox. **Data**: Access or modify files outside the restricted directory. **Impact**: High (CVSS 9.8). Full system compromise possible.
**Public Exploit**: No specific PoC code in the analyzed data. **References**: GitHub commits and Security Advisories (GHSA) are public. **Status**: Theoretical/conceptual exploitation is clear, but no in-the-wild exploit scripts are listed.
Q7 How to self-check? (Features/Scanning)
**Check**: Verify your Judge0 CE version. **Flag**: If the version is < 1.13.1, you are vulnerable. **Scan**: Look for usage of UNIX commands on untrusted sandbox files in `isolate_job.rb`.
Q8 Is it fixed officially? (Patch/Mitigation)
**Fixed**: Yes. **Patch**: Upgrade to **v1.13.1** or later. **Source**: See GitHub commit `f3b8547` and the GHSA advisories for the official fixes.
Q9 What if no patch? (Workaround)
**Workaround**: If you cannot upgrade, **disable** the code execution feature for untrusted users. **Mitigation**: Strictly validate file paths and prevent symlink creation in the sandbox environment.
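The mitigation above (validate file paths and refuse symlinks that leave the sandbox) can be illustrated with the following Ruby check. This is an added example written for this summary; it is not code from Judge0 or from the referenced commit, and the function name `safe_sandbox_path` and the temporary directories it builds are assumptions for the demonstration. The idea generalizes beyond the symlink case: any path that untrusted code produced is resolved with `File.realpath` and then compared against the resolved sandbox root, which also rejects `..` traversal.

```ruby
require "tmpdir"

# Resolve a path that untrusted code may have created inside the sandbox and
# confirm it still lies under the sandbox root after following symlinks.
# Returns the resolved absolute path, or nil if it escapes the root or is a
# dangling/looping link. The host-side code should only ever touch the
# returned path, never the raw candidate.
def safe_sandbox_path(sandbox_root, relative_path)
  root = File.realpath(sandbox_root)
  candidate = File.expand_path(relative_path, root)
  # First gate: reject "../" traversal and absolute paths before touching the filesystem
  return nil unless candidate == root || candidate.start_with?(root + File::SEPARATOR)
  begin
    # Second gate: realpath follows every symlink component; this is where a
    # link planted inside the sandbox but pointing outside it is caught
    resolved = File.realpath(candidate)
  rescue Errno::ENOENT, Errno::ELOOP
    return nil
  end
  return nil unless resolved == root || resolved.start_with?(root + File::SEPARATOR)
  resolved
end

# Demonstration on a constructed, throwaway sandbox layout (not real Judge0 data):
# one legitimate output file, one symlink pointing at a file outside the sandbox,
# and one traversal attempt.
def demo
  Dir.mktmpdir("sandbox") do |sandbox|
    Dir.mktmpdir("outside") do |outside|
      secret = File.join(outside, "secret.txt")
      File.write(secret, "host data")
      File.write(File.join(sandbox, "output.txt"), "program output")
      File.symlink(secret, File.join(sandbox, "evil_link"))
      {
        normal: safe_sandbox_path(sandbox, "output.txt") ==
                File.realpath(File.join(sandbox, "output.txt")),
        symlink_escape: safe_sandbox_path(sandbox, "evil_link"),
        traversal: safe_sandbox_path(sandbox, "../../etc/passwd"),
      }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

Note that the check alone does not close a time-of-check/time-of-use window: a sandboxed program that is still running could replace a regular file with a symlink after the check passes. Pairing the check with running host-side file handling only after the sandboxed process has been stopped, as the advisory's fix direction implies, removes that race.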
Q10 Is it urgent? (Priority Suggestion)
**Urgency**: **CRITICAL**. **Priority**: Patch immediately. Remote code execution with no auth is a top-tier threat. Do not ignore this CVE.