Sandbox Escape Patch Bypass via chown running on Symbolic Link · Advisory · judge0/judge0 · GitHub
Severity: Critical
Package: judge0/judge0 (Docker Hub)
Affected versions: <= 1.13.0
Patched versions: >= 1.13.1

Severity: Critical / 10
CVSS v3 base metrics
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE ID: CVE-2024-28189
Weakness: CWE-61, UNIX Symbolic Link (Symlink) Following. The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Credits: stacksparrow4 (Reporter)
Summary
The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox.
This vulnerability is not impactful on its own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape.
Details
As reported in the CVE-2024-28185 advisory, there exists a vulnerability in Judge0 that allows users to write to files outside of the sandbox.
On versions <= v1.13.0, this is enough to get code execution. After the commit that fixed it, the code runs as the user judge0, meaning that it is not possible to overwrite many relevant files. To bypass this, symlinks can also be used to exploit the chown call in the Judge0 source (linked from the original advisory on GitHub).
By creating a symlink named run_script, we can force the application to chown arbitrary files, allowing them to be overwritten with the technique described in the other advisory. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.
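The root cause above is a chown that follows a symlink the submission planted. As an added illustration, not judge0's own code, the Ruby function below (Ruby being the language Judge0 is written in) shows how a sandbox runner can change ownership of a file in the box without ever following a link: it refuses names with directory components, opens the file with O_NOFOLLOW so a symlink fails with ELOOP, checks that what it opened is a regular file, and then calls fchown on that descriptor, which closes the lstat-then-chown race. The names safe_chown, SandboxPathError and demo_symlink_defence are hypothetical, and the sandbox layout (a box directory holding a real file and a run_script symlink pointing at a file outside it) is constructed in temporary directories for the demo.

```ruby
# Added example, not judge0's own code: chown a file inside a sandbox
# directory without following symbolic links, so a link such as
# "run_script" -> /bin/rm cannot redirect the ownership change outside the box.
# Function and error names are hypothetical; the layout is constructed for the demo.
require 'tmpdir'

class SandboxPathError < StandardError; end

# Changes the owner/group of +name+ (a plain file name, no directory parts)
# inside +sandbox_root+. Returns :ok or raises SandboxPathError.
# The change is made through a descriptor opened with O_NOFOLLOW (fchown(2)),
# so there is no lstat-then-chown window for a submission to swap the file.
def safe_chown(sandbox_root, name, uid, gid)
  if name.empty? || name.include?('/') || name == '.' || name == '..'
    raise SandboxPathError, "refusing to chown #{name.inspect}: not a plain file name"
  end
  path = File.join(File.realpath(sandbox_root), name)

  fd = begin
    # NONBLOCK so a FIFO planted under this name cannot hang the runner.
    File.open(path, File::RDONLY | File::NOFOLLOW | File::NONBLOCK)
  rescue Errno::ELOOP
    raise SandboxPathError, "refusing to chown #{name}: it is a symbolic link"
  end
  begin
    # Only act on a regular file; a directory, FIFO or device node is rejected.
    raise SandboxPathError, "refusing to chown #{name}: not a regular file" unless fd.stat.file?
    fd.chown(uid, gid)
  ensure
    fd.close
  end
  :ok
end

# Demo: a box holding a regular file and a symlink named run_script that points
# at a file outside the box. Returns the outcome for each name tried.
def demo_symlink_defence
  results = {}
  Dir.mktmpdir('outside') do |outside|
    Dir.mktmpdir('box') do |box|
      victim = File.join(outside, 'victim')            # stands in for /bin/rm
      File.write(victim, "not to be touched\n")
      File.write(File.join(box, 'real_script'), "echo hi\n")
      File.symlink(victim, File.join(box, 'run_script'))

      %w[real_script run_script ../victim].each do |name|
        results[name] = begin
          safe_chown(box, name, Process.euid, -1)      # -1 leaves the group as is
        rescue SandboxPathError => e
          e.message
        end
      end
      # The file outside the box keeps its owner whatever the submission planted.
      results[:victim_owner] = File.stat(victim).uid
    end
  end
  results
end

if __FILE__ == $0
  demo_symlink_defence.each { |k, v| puts "#{k}: #{v}" }
end
```

The key design choice is to validate and act on the same open descriptor rather than on a path: checking with lstat and then calling chown on the path would still let a submission replace the file with a link between the two calls.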
PoC
This proof of concept leverages the vulnerability to overwrite the /bin/rm binary. The application executes commands using /bin/rm on every submission, so overwriting it will result in the attacker's code being executed outside of the sandbox. The command that is being run is touch /tmp/poc, which is used to verify that the command is being run outside the sandbox, as the file is written to the webserver Docker container's /tmp directory.
git clone git@github.com:judge0/judge0.git
cd judge0
touch /tmp/poc will have been executed outside of the sandbox. To confirm this, run the following command:
Impact
An attacker can use this vulnerability to gain unsandboxed code execution on the Docker container running the submission job.
Additionally, the attacker may then escalate their privileges outside of the Docker container, because the container is run with the privileged flag as specified in docker-compose.yml. This allows the attacker to mount the Linux host filesystem and then write files (for example a malicious cron job) to gain access to the system. From this point the attacker will have complete access to the Judge0 system, including the database, internal networks, the Judge0 webserver, and any other applications running on the Linux host.