Описание
Soketi was exposed to Sandbox Escape vulnerability via vm2
Impact
What kind of vulnerability is it? Who is impacted?
Anyone who might have used Soketi with the cluster driver (or through PM2).
Patches
Has the problem been patched? What versions should users upgrade to? Get the latest version of Soketi.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading? None. It's advised to upgrade to the latest version.
References
Are there any links users can visit to find out more?
Ссылки
- https://github.com/soketi/soketi/security/advisories/GHSA-g6w6-h933-4rc5
- https://github.com/Unitech/pm2/issues/5643
- https://github.com/patriksimek/vm2/issues/533
- https://github.com/soketi/soketi/pull/927
- https://github.com/soketi/soketi/commit/de12bff706c0d62e6a57dc1c7be3c4f014d0093a
- https://github.com/advisories/GHSA-cchq-frgv-rjh5
- https://github.com/soketi/soketi/releases/tag/1.6.0
Пакеты
Наименование
@soketi/soketi
npm
Затронутые версииВерсия исправления
< 1.6.0
1.6.0
9.8 Critical
CVSS3
9.8 Critical
CVSS3