Judge0, an open-source service used in secure sandboxes, has been found to contain vulnerabilities (CVE-2024-29021, CVE-2024-28185, CVE-2024-28189) that may permit attackers to escape the sandbox and potentially gain root permissions on host systems. Organizations, including educational and recruitment entities, that rely on Judge0 for secure code execution in competitive programming are at risk. Despite initial patches, persistent vulnerabilities were found, which underlines how hard it is to secure complex software systems, particularly given the platform's intricate interactions and privileged access.
The rapid response from both security researchers and Judge0's developers highlights the importance of continuous vigilance and proactive security measures in combating emerging cyber threats.

https://www.infosecurity-magazine.com/news/judge0-sandbox-flaws-systems/