Judge0 Vulnerabilities Could Allow Sandbox EscapeAttribution

From latesthackingnews.com

A security researcher discovered a security vulnerability in the Judge0 system, which received a patch that could further be bypassed, leading to further vulnerabilities. While the developer eventually patched the issue after repeated exploits, the researcher still suspects the probability of another patch bypass. Multiple Judge0 Vulnerabilities Emerged Following Repeated Patch Bypass As explained in a recent blog post, security researcher Daniel Cooper from Tanto Security discovered multiple security issues in the open-source software Judge0. Exploiting the vulnerabilities could allow an adversary to execute arbitrary codes on the target Judge0 systems. Judge0 is an open-source online code execution system that facilitates building apps with code execution features, such as IDEs, e-learning services, and more. The system boasts a huge customer base, indicating its popularity in the tech community. However, this huge user base also shows the huge impact of any judge0 vulnerabilities if exploited.

Read more…