GHSA-cchq-frgv-rjh5
vm2 Sandbox Escape vulnerability
Details
In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code.
### Impact
Remote Code Execution, assuming the attacker has an arbitrary code execution primitive inside the context of the vm2 sandbox.
### Patches
None.
### Workarounds
None.
### References
PoC - https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9
### For more information
If you have any questions or comments about this advisory:
- Open an issue in [VM2](https://github.com/patriksimek/vm2)
Thanks to [Xion](https://twitter.com/0x10n) (SeungHyun Lee) of [KAIST Hacking Lab](https://kaist-hacking.github.io/) for disclosing this vulnerability.
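
The affected range given in the details (vm2 up to 3.9.19) can be checked against a project's `package-lock.json`, including copies of vm2 nested under other dependencies. This is an added example, not code from the advisory or the vm2 project; the sample lockfile and every package name in it other than `vm2` are constructed.

```javascript
// Last affected version, taken from the advisory text ("versions up to 3.9.19").
const LAST_AFFECTED = [3, 9, 19];

// Return true when `version` is <= 3.9.19. Versions that cannot be parsed
// (git URLs, tags) are reported as affected so they get a manual look.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true;
  const v = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 3.9.19
}

// Collect every installed copy of vm2 from a parsed package-lock.json.
function findVm2(lock) {
  const hits = new Map();
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/vm2' || path.endsWith('/node_modules/vm2')) {
      hits.set(path, pkg.version);
    }
  }
  // lockfileVersion 1/2: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'vm2' && !hits.has(path)) hits.set(path, dep.version);
      walk(dep.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return [...hits].map(([path, version]) =>
    ({ path, version, affected: isAffected(version) }));
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.9.19' },
    'node_modules/some-runner/node_modules/vm2': { version: '3.9.17' },
    'node_modules/other-tool/node_modules/vm2': { version: '3.10.0' },
    'node_modules/vm2-helper': { version: '1.0.0' }, // similar name, not vm2
  },
};
console.log(findVm2(sampleLock));
```

For a real project, pass the parsed contents of `package-lock.json` to `findVm2` instead of `sampleLock`.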
References
- https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2023-37466 [ADVISORY]
- https://github.com/patriksimek/vm2/commit/d9a1fde8ec5a5a9c9e5a69bf91d703950859d744 [WEB]
- https://gist.github.com/leesh3288/f693061e6523c97274ad5298eb2c74e9 [WEB]
- https://github.com/patriksimek/vm2 [PACKAGE]
- https://github.com/patriksimek/vm2/releases/tag/v3.10.0 [WEB]
- https://security.netapp.com/advisory/ntap-20230831-0007 [WEB]
- https://security.netapp.com/advisory/ntap-20241108-0002 [WEB]