Vulnerability Details : CVE-2023-29017
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.
Vulnerability category: Execute code
Products affected by CVE-2023-29017
- cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-29017
4.34%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-29017
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
10.0
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
GitHub, Inc. |
CWE ids for CVE-2023-29017
-
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-29017
-
https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d
vm2_3.9.14_exploit_1.js · GitHubExploit
-
https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv
Sandbox Escape · Advisory · patriksimek/vm2 · GitHubVendor Advisory
-
https://github.com/patriksimek/vm2/issues/515
[VM2 Sandbox Escape] Vulnerability in vm2@3.9.14 · Issue #515 · patriksimek/vm2 · GitHubExploit;Issue Tracking
-
https://github.com/patriksimek/vm2/commit/d534e5785f38307b70d3aac1945260a261a94d50
Wrap host objects passes through prepareStackTrace · patriksimek/vm2@d534e57 · GitHubPatch
Jump to