vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
History

Sun, 08 Sep 2024 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.5::el8
cpe:/a:redhat:acm:2.6::el8
cpe:/a:redhat:multicluster_engine:2.0::el8
cpe:/a:redhat:multicluster_engine:2.1::el8

Mon, 19 Aug 2024 22:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.5::el8
cpe:/a:redhat:acm:2.6::el8
cpe:/a:redhat:multicluster_engine:2.0::el8
cpe:/a:redhat:multicluster_engine:2.1::el8

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-17T21:42:10.514Z

Updated: 2024-08-02T14:28:51.599Z

Reserved: 2023-04-12T15:19:33.767Z

Link: CVE-2023-30547

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-17T22:15:10.487

Modified: 2024-11-21T08:00:24.030

Link: CVE-2023-30547

cve-icon Redhat

Severity : Critical

Publid Date: 2023-04-17T00:00:00Z

Links: CVE-2023-30547 - Bugzilla