Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SSRF into Sandbox Escape through Unsafe Default Configuration
Vulnerability Description
Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the target machine. This vulnerability is fixed in 1.13.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Judge0 CE 安全漏洞
Vulnerability Description
Judge0 CE是Judge0开源的一个开源在线代码执行系统。 Judge0 CE 1.13.1之前版本存在安全漏洞,该漏洞源于默认配置存在安全问题,导致服务器端请求伪造,攻击者利用该漏洞可以获取 root 身份并执行代码。
CVSS Information
N/A
Vulnerability Type
N/A