Описание
vm2 Sandbox Escape vulnerability
In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code.
Impact
Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.
Patches
None.
Workarounds
None.
References
PoC - https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9
For more information
If you have any questions or comments about this advisory:
- Open an issue in VM2
Thanks to Xion (SeungHyun Lee) of KAIST Hacking Lab for disclosing this vulnerability.
Ссылки
- https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5
- https://nvd.nist.gov/vuln/detail/CVE-2023-37466
- https://github.com/patriksimek/vm2/commit/d9a1fde8ec5a5a9c9e5a69bf91d703950859d744
- https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9
- https://github.com/patriksimek/vm2/releases/tag/v3.10.0
- https://security.netapp.com/advisory/ntap-20230831-0007
- https://security.netapp.com/advisory/ntap-20241108-0002
Пакеты
vm2
<= 3.9.19
3.10.0
Связанные уязвимости
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox.
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. Version 3.10.0 contains a patch for the issue.
Уязвимость библиотеки vm2 пакетного менеджера NPM, связанная с неверным управлением генерацией кода, позволяющая нарушителю выйти из изолированной программной среды и выполнить произвольный код