CVE-2024-28185

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Apr 18, 2024

CWE ID 59

CWE ID 61

Summary

CVE-2024-28185 is a vulnerability affecting Judge0, an open-source online code execution system. The issue arises from the application's failure to account for symlinks in the sandbox directory. An attacker can create a symlink named "run_script" before Judge0 writes to that path, causing the application to write to an arbitrary file outside of the sandbox instead. This enables the attacker to overwrite system scripts, gaining unauthorized code execution.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vdZRtF
https://www.cve.org/CVERecord?id=CVE-2024-28185
https://nvd.nist.gov/vuln/detail/CVE-2024-28185

Back to Vulnerability Database

CVE-2024-28185

CVSS 3.1 Score 10.0 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations