Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
vm2 Sandbox Escape vulnerability
In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code.
Impact
Remote Code Execution, assuming the attacker already has an arbitrary code execution primitive inside the context of the vm2 sandbox.
Patches
None.
Workarounds
None.
References
PoC - https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9
For more information
If you have any questions or comments about this advisory:
- Open an issue in VM2
Thanks to Xion (SeungHyun Lee) of KAIST Hacking Lab for disclosing this vulnerability.
Permalink: https://github.com/advisories/GHSA-cchq-frgv-rjh5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jY2hxLWZyZ3YtcmpoNc4AA0sM
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 10 months ago
Updated: 6 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-cchq-frgv-rjh5, CVE-2023-37466
References:
- https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5
- https://nvd.nist.gov/vuln/detail/CVE-2023-37466
- https://security.netapp.com/advisory/ntap-20230831-0007/
- https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9
- https://github.com/advisories/GHSA-cchq-frgv-rjh5
Blast Radius: 46.2
Affected Packages
npm:vm2
Dependent packages: 973
Dependent repositories: 52,172
Downloads: 7,008,174 last month
Affected Version Ranges: <= 3.9.19
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 1.0.0, 1.0.1, 2.0.0, 2.0.2, 3.0.0, 3.0.1, 3.1.0, 3.2.0, 3.3.0, 3.3.1, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.7.0, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.9.8, 3.9.9, 3.9.10, 3.9.11, 3.9.12, 3.9.13, 3.9.14, 3.9.15, 3.9.16, 3.9.17, 3.9.18, 3.9.19