Browse all 3 CVE security advisories affecting judge0. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Judge0 is an online code execution platform designed for compiling and running code in multiple programming languages. Historically, it has been vulnerable to remote code execution (RCE) through sandbox escapes, cross-site scripting (XSS) in its web interface, and privilege escalation flaws that allowed unauthorized access to system resources. These vulnerabilities stem from improper input validation and insufficient sandbox isolation. While no major public incidents have been widely reported, the three CVEs highlight persistent security challenges in code execution environments, particularly around sandbox integrity and user input handling. The platform remains popular despite these risks, underscoring the ongoing tension between functionality and security in online code execution services.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-29021 | SSRF into Sandbox Escape through Unsafe Default Configuration — judge0 (CWE-918) | 9.1 | Critical | 2024-04-18 |
| CVE-2024-28189 | Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link — judge0 (CWE-61) | 10.0 | Critical | 2024-04-18 |
| CVE-2024-28185 | Judge0 vulnerable to Sandbox Escape via Symbolic Link — judge0 (CWE-61) | 10.0 | Critical | 2024-04-18 |
This page lists every published CVE security advisory associated with judge0. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.