Lucene search

Veracode Vulnerability DatabaseVERACODE:45110

HistoryJan 22, 2024 - 7:48 a.m.

Arbitrary Code Execution

2024-01-2207:48:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

arbitrary code execution

java

vulnerability

invocationtargetexception

sanitization

trust context

software

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

de.tum.in.ase: artemis-java-test-sandbox is vulnerable to Arbitrary Code Execution. The vulnerability is due to missing class sanitization during the creation of special subclasses of type InvocationTargetException. An attacker can execute arbitrary student code in the trusted context.

References

github.com/advisories/GHSA-883x-6fch-6wjx

github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392

github.com/ls1intum/Ares/issues/15#issuecomment-996449371

github.com/ls1intum/Ares/releases/tag/1.7.6

github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx

vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for VERACODE:45110