bug-bounty621
facebook428
xss316
google101
rce99
csrf60
microsoft56
web355
account-takeover53
writeup50
sqli41
apple38
ssrf34
cve33
exploit32
dos31
privilege-escalation28
defi28
cloudflare27
smart-contract-vulnerability25
idor24
subdomain-takeover24
smart-contract23
clickjacking23
ethereum23
access-control21
vulnerability-disclosure21
malware20
auth-bypass19
remote-code-execution18
lfi17
cors16
reverse-engineering15
race-condition15
cloud15
authentication-bypass14
solidity14
oauth12
info-disclosure12
aws12
browser11
phishing11
sql-injection11
delegatecall11
denial-of-service11
web-application-security10
web-security9
token-theft9
vulnerability9
responsible-disclosure9
0
A researcher discovered a sandbox escape vulnerability in HackerEarth's Theia IDE that allowed remote code execution by accessing the disabled terminal through VS Code's 'Task: Run selected text' command. The exploit enabled reading AWS credentials, SSL certificates, and other sensitive system files from the underlying infrastructure.
sandbox-escape
remote-code-execution
rce
ide-security
theia-ide
vs-code
responsible-disclosure
aws-credentials
metadata-service
ecs-metadata
ssl-certificate-exposure
terminal-access
privilege-escalation
file-read
git-metadata
bug-bounty
HackerEarth
Theia IDE
VS Code
Jatin Dhankhar
Puma Scan
AWS
ECS