Описание
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.
Ссылки
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
10 Critical
CVSS3
Дефекты
Связанные уязвимости
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.
vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host
Уязвимость библиотеки vm2 пакетного менеджера NPM, позволяющая нарушителю выполнить произвольный код
EPSS
10 Critical
CVSS3