CVE-2023-29017
CRITICAL 9.8 | EPSS 75.0%
vm2 vulnerable to sandbox escape
Published: 4/7/2023 | Modified: 11/8/2023
Description
vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors.

- vm2 version: ~3.9.14
- Node version: 18.15.0, 19.8.1, 17.9.1

### Impact

A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.

### Patches

This vulnerability was patched in the release of version `3.9.15` of `vm2`.

### Workarounds

None.
Affected packages (1)
- npm/vm2: from 0, < 3.9.15
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-29017
- PATCH: https://github.com/patriksimek/vm2
- WEB: https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d
- WEB: https://github.com/patriksimek/vm2/commit/d534e5785f38307b70d3aac1945260a261a94d50
- WEB: https://github.com/patriksimek/vm2/issues/515
- WEB: https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv