Sandbox Escape Vulnerabilities

Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system.

The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian cybersecurity firm Tanto Security said in a report published today.

Judge0 (pronounced "judge zero") is described by its maintainers as a "robust, scalable, and open-source online code execution system" that can be used to build applications that require online code execution features such as candidate assessment, e-learning, and online code editors and IDEs.

According to its website, the service is used by 23 customers like AlgoDaily, CodeChum, and PYnative, among others. The project has been forked 412 times on GitHub to date.


The flaws, discovered and reported by Daniel Cooper in March 2024, are listed below -

  • CVE-2024-28185 (CVSS score: 10.0) - The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox.
  • CVE-2024-28189 (CVSS score: 10.0) - A patch bypass for CVE-2024-28185 that stems from the use of the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox.
  • CVE-2024-29021 (CVSS score: 9.1) - The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server-Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the target machine.

The problem is rooted in a Ruby script named "isolate_job.rb," which is responsible for setting up the sandbox, as well running the code and storing the results of the execution.

Specifically, it entails creating a symbolic link in the directory before a bash script is set up to execute the program based on the submission language such that it allows writing to an arbitrary file on the unsandboxed system.

A threat actor could leverage this flaw to overwrite scripts on the system and gain code execution outside of the sandbox and on the Docker container running the submission job.

What's more, the attacker could escalate their privileges outside of the Docker container due to it being run using the privileged flag as specified in docker-compose.yml.

"This will allow the attacker to mount the Linux host filesystem and the attacker can then write files (for example a malicious cron job) to gain access to the system," Judge0's Herman Došilović said.

"From this point the attacker will have complete access to the Judge0 system including the database, internal networks, the Judge0 web server, and any other applications running on the Linux host."

CVE-2024-29021, on the other hand, has to do with a configuration that permits communicating with Judge0's PostgreSQL database available inside the internal Docker network, thus enabling the adversary to weaponize the SSRF to connect to the database and change the datatype of relevant columns and ultimately gain command injection.

Following responsible disclosure, the shortcomings have been addressed in version 1.13.1 released on April 18, 2024. Users of Judge0 are advised to update to the latest version to mitigate potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.