CVE-2024-23681

Published: Jan 19, 2024Modified: Nov 28, 2025

8.2

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.5 / Impact: 6.0

Source: NVD

Description

Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.

Affected (1)

Products: Ls1intum: Artemis Java Test Sandbox

1 product

Artemis Java Test Sandbox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ls1intum Artemis Java Test Sandbox	Before 1.11.2

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

https://github.com/advisories/GHSA-98hq-4wmw-98w9

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9

Source: disclosure@vulncheck.com

ExploitVendor Advisory

https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9

Source: disclosure@vulncheck.com

Third Party Advisory

https://github.com/advisories/GHSA-98hq-4wmw-98w9

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.