CVE-2024-28185— Judge0 vulnerable to Sandbox Escape via Symbolic Link
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-28185
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Judge0 vulnerable to Sandbox Escape via Symbolic Link
Source: NVD (National Vulnerability Database)
Vulnerability Description
Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-61
Source: NVD (National Vulnerability Database)
Vulnerability Title
Judge0 CE 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Judge0 CE是Judge0开源的一个开源在线代码执行系统。 Judge0 CE 1.13.1之前版本存在安全漏洞,该漏洞源于应用程序不考虑放置在沙箱目录内的符号链接,攻击者利用该漏洞可以使用该符号链接写入任意文件并在沙箱外执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2024-28185
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-28185
请登录查看更多情报信息。
- https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cfx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2024-28185
Same Patch Batch · judge0 · 2024-04-18 · 3 CVEs total
| CVE-2024-28189 | 10.0 CRITICAL | Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link |
| CVE-2024-29021 | 9.1 CRITICAL | SSRF into Sandbox Escape through Unsafe Default Configuration |
IV. Related Vulnerabilities
Same weakness: CWE-61
- CVE-2026-29203
cPanel 安全漏洞 - CVE-2026-42275
zrok: WebDAV drive backend follows symlinks outside DriveRoo - CVE-2026-31893
Tunnelblick arbitrary file read via symlink following in tun - CVE-2026-7832
IObit Advanced SystemCare Service ASC.exe symlink - CVE-2026-43570
OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote
V. Comments for CVE-2024-28185
No comments yet