"Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover"

Tanto Security warns that three critical-severity vulnerabilities in the Judge0 open source service enable attackers to conduct sandbox escapes and take over the host machine. Judge0 is an online service for executing arbitrary code in a secure sandbox. This service facilitates the development of applications that require online code execution, such as programming, e-commerce, recruitment platforms, online code editors, and more. The company announced in an advisory that Judge0 versions before 1.13.1 are affected by three flaws that allow attackers to execute code outside the sandbox and escalate their privileges to take over the Judge0 system. This article continues to discuss the potential exploitation and impact of the critical Judge0 vulnerabilities. 

SecurityWeek reports "Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover"

Submitted by grigby1
