CVE-2024-29021

Severity: Critical
Year: 2024
CVSS v3 Score: 9.0 (Critical)

Vulnerability Description

Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the target machine. This vulnerability is fixed in 1.13.1.

CVSS: 9.0 (Critical)

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS: 9.0 (Critical)

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.

CVSS: 9.0 (Critical)

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vul...

CVSS: 9.1 (Critical)

SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued ahe...

CVSS: 9.1 (Critical)

I, Librarian version 4.8 and earlier contains an SSRF vulnerability in the "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or upda...

CVSS: 9.1 (Critical)

An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.