Judge0 Judge0
3 CVEs affecting Judge0 Judge0. Latest disclosed: 2024-04-18. Critical: 3, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-28189 | Critical | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abu… |
CVE-2024-28185 | Critical | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leverage… |
CVE-2024-29021 | Critical | 9.1 | 2024-04-18 | Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Re… |