GHSA-ch3r-j5x3-6q2m

Source

https://github.com/advisories/GHSA-ch3r-j5x3-6q2m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-ch3r-j5x3-6q2m/GHSA-ch3r-j5x3-6q2m.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-ch3r-j5x3-6q2m

Aliases

CVE-2023-30547

Related

CVE-2023-30547

Published

2023-04-20T14:37:53Z

Modified

2023-11-01T05:01:55.507770Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

vm2 Sandbox Escape vulnerability

Details

There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.

Impact

A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.

Patches

This vulnerability was patched in the release of version 3.9.17 of vm2.

Workarounds

None.

References

PoC - https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244

For more information

If you have any questions or comments about this advisory:

Open an issue in VM2

Thanks to Xion (SeungHyun Lee) of KAIST Hacking Lab for disclosing this vulnerability.

Database specific

{
    "nvd_published_at": "2023-04-17T22:15:10Z",
    "cwe_ids": [
        "CWE-74"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-20T14:37:53Z"
}

References

Affected packages

npm / vm2

Package

Name: vm2; View open source insights on deps.dev
Purl: pkg:npm/vm2

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.17