vm2 vulnerable to sandbox escape #312
Labels: Auto Create Issues, Critical, Security
Description
vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors.
vm2 version: ~3.9.14
Node version: 18.15.0, 19.8.1, 17.9.1
Impact
A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.
Patches
This vulnerability was patched in the release of version 3.9.15 of vm2.
Workarounds
None.
Severity Check
Severity Number: 9.8
CVSS base metrics
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-913
CVE ID
CVE-2023-29017
GHSA ID
GHSA-7jxr-cg7f-gpgv
Information
Package: vm2 (npm)
Affected versions: < 3.9.15
Patched versions: 3.9.15
References
GHSA-7jxr-cg7f-gpgv
https://nvd.nist.gov/vuln/detail/CVE-2023-29017
[VM2 Sandbox Escape] Vulnerability in vm2@3.9.14 patriksimek/vm2#515
patriksimek/vm2@d534e57
https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d