CVE-2023-29017
CRITICAL9.8EPSS 75.0%vm2 vulnerable to sandbox escape
發布日:2023/4/7修改日:2023/11/8
描述
vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. - vm2 version: ~3.9.14 - Node version: 18.15.0, 19.8.1, 17.9.1 ### Impact A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. ### Patches This vulnerability was patched in the release of version `3.9.15` of `vm2`. ### Workarounds None.
受影響套件(1)
- npm/vm2from 0, < 3.9.15
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-29017
- PATCHhttps://github.com/patriksimek/vm2
- WEBhttps://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d
- WEBhttps://github.com/patriksimek/vm2/commit/d534e5785f38307b70d3aac1945260a261a94d50
- WEBhttps://github.com/patriksimek/vm2/issues/515
- WEBhttps://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv