There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`.
Metrics
Affected Vendors & Products
References
History
Sun, 08 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.5::el8 cpe:/a:redhat:acm:2.6::el8 cpe:/a:redhat:multicluster_engine:2.0::el8 cpe:/a:redhat:multicluster_engine:2.1::el8 |
Mon, 19 Aug 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.6::el8 cpe:/a:redhat:multicluster_engine:2.0::el8 cpe:/a:redhat:multicluster_engine:2.1::el8 |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-14T18:37:03.847Z
Updated: 2024-08-02T14:00:15.886Z
Reserved: 2023-04-03T13:37:18.454Z
Link: CVE-2023-29199
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-04-14T19:15:09.337
Modified: 2024-11-21T07:56:42.080
Link: CVE-2023-29199
Redhat