GHSA-98HQ-4WMW-98W9
Vulnerability from github – Published: 2023-02-10 23:52 – Updated: 2026-01-22 20:31
VLAI?
Summary
Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox
Details
Summary
Because of the missing checkLink(String) override in the SecurityManager, students can load libraries and execute arbitrary code.
Details
Using System.load(String) or System.loadLibrary(String) students can load and execute arbitrary code.
private static native void start(List<String> args);
public static void main(String[] args) {
System.load(new File("path_to_lib.so").getAbsolutePath());
start(List.of(args));
}
Adding this to the security manager (and a translation) should fix the issue:
@Override
public void checkExec(String cmd) {
try {
if (enterPublicInterface())
return;
throw new SecurityException(localized("security.error_link")); //$NON-NLS-1$
} finally {
exitPublicInterface();
}
}
PoC
See details.
Impact
Arbitrary code execution.
Severity ?
8.2 (High)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "de.tum.in.ase:artemis-java-test-sandbox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-23681"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-10T23:52:13Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nBecause of the missing `checkLink(String)` override in the SecurityManager, students can load libraries and execute arbitrary code.\n\n### Details\nUsing `System.load(String)` or `System.loadLibrary\u200b(String)` students can load and execute arbitrary code.\n\n```java\nprivate static native void start(List\u003cString\u003e args);\n\npublic static void main(String[] args) {\n System.load(new File(\"path_to_lib.so\").getAbsolutePath());\n start(List.of(args));\n}\n```\n\nAdding this to the security manager (and a translation) should fix the issue:\n```java\n@Override\npublic void checkExec(String cmd) {\n try {\n if (enterPublicInterface())\n return;\n throw new SecurityException(localized(\"security.error_link\")); //$NON-NLS-1$\n } finally {\n exitPublicInterface();\n }\n}\n```\n\n### PoC\nSee details.\n\n### Impact\nArbitrary code execution.",
"id": "GHSA-98hq-4wmw-98w9",
"modified": "2026-01-22T20:31:06Z",
"published": "2023-02-10T23:52:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23681"
},
{
"type": "PACKAGE",
"url": "https://github.com/ls1intum/Ares"
},
{
"type": "WEB",
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…