vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
Metrics
Affected Vendors & Products
References
History
Sun, 08 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.5::el8 cpe:/a:redhat:acm:2.6::el8 cpe:/a:redhat:multicluster_engine:2.0::el8 cpe:/a:redhat:multicluster_engine:2.1::el8 |
Mon, 19 Aug 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.6::el8 cpe:/a:redhat:multicluster_engine:2.0::el8 cpe:/a:redhat:multicluster_engine:2.1::el8 |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-17T21:42:10.514Z
Updated: 2024-08-02T14:28:51.599Z
Reserved: 2023-04-12T15:19:33.767Z
Link: CVE-2023-30547
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-04-17T22:15:10.487
Modified: 2024-11-21T08:00:24.030
Link: CVE-2023-30547
Redhat