GHSA-xj72-wvfv-8985

Source

https://github.com/advisories/GHSA-xj72-wvfv-8985

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-xj72-wvfv-8985/GHSA-xj72-wvfv-8985.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-xj72-wvfv-8985

Aliases

CVE-2023-29199

Published

2023-04-12T20:42:44Z

Modified

2023-11-01T05:01:47.682544Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

vm2 Sandbox Escape vulnerability

Details

There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.

Impact

A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.

Patches

This vulnerability was patched in the release of version 3.9.16 of vm2.

Workarounds

None.

References

Github Issue - https://github.com/patriksimek/vm2/issues/516 PoC - https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c

For more information

If you have any questions or comments about this advisory:

Open an issue in VM2

Thanks to Xion (SeungHyun Lee) of KAIST Hacking Lab for disclosing this vulnerability.

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2023-04-14T19:15:00Z",
    "severity": "CRITICAL",
    "github_reviewed_at": "2023-04-12T20:42:44Z",
    "cwe_ids": [
        "CWE-913"
    ]
}

References

Affected packages

npm / vm2

Package

Name: vm2; View open source insights on deps.dev
Purl: pkg:npm/vm2

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.16

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-xj72-wvfv-8985/GHSA-xj72-wvfv-8985.json"