
CVE-2021-23555

Published: 11 Feb 2022
Source: redhat
CVSS3: 9.8

Description

The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine.

A flaw was found in vm2, where the sandbox can be bypassed via direct access to host error objects generated by node internals during the generation of stack traces. This flaw allows an attacker to execute arbitrary code on the host machine.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-grafana-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-must-gather-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-operator-bundle-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | application-ui-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | assisted-image-service-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | cert-policy-controller-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | cluster-backup-operator-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | clusterclaims-controller-container | Fixed | RHSA-2022:1681 | 03.05.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | cluster-curator-controller-container | Fixed | RHSA-2022:1681 | 03.05.2022 |


Additional information

Status: Moderate
Weakness: CWE-562
CVSS3: 9.8 Critical

Related vulnerabilities

CVSS3: 9.8
nvd
almost 4 years ago

The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine.

CVSS3: 9.8
github
almost 4 years ago

Sandbox bypass in vm2
