CVE-2024-23682: Class Loading Vulnerability in Artemis
(updated )
This affects all Artemis users who test Java assignments. Ares is not required. Students code that gets automatically tested can run arbitrary code in the container, or arbitrary code on the machine of an assessor in case of manual correction.
References
- github.com/advisories/GHSA-227w-wv4j-67h4
- github.com/ls1intum/Ares
- github.com/ls1intum/Ares/issues/15
- github.com/ls1intum/Ares/releases/tag/1.8.0
- github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4
- nvd.nist.gov/vuln/detail/CVE-2024-23682
- vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4
Code Behaviors & Features
Detect and mitigate CVE-2024-23682 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →