CVE-2023-51661

Опубликовано: 22 дек. 2023

Источник: nvd

CVSS3: 8.4

CVSS3: 8.6

EPSS Низкий

Описание

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4.

Ссылки

https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3c
Patch
https://github.com/wasmerio/wasmer/issues/4267
Issue Tracking
https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j
Exploit
Vendor Advisory
https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3c
Patch
https://github.com/wasmerio/wasmer/issues/4267
Issue Tracking
https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wasmer:wasmer:*:*:*:*:*:rust:*:*

Версия от 3.0.0 (включая) до 4.2.4 (исключая)

EPSS

Процентиль: 57%

0.00354

Низкий

8.4 High

CVSS3

8.6 High

CVSS3

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-4mq4-7rw3-vm5j

CVSS3: 8.4

github

около 2 лет назад

Wasmer filesystem sandbox not enforced

EPSS

Процентиль: 57%

0.00354

Низкий

8.4 High

CVSS3

8.6 High

CVSS3

Дефекты

CWE-284

NVD-CWE-Other