Lucene search

CVE-2023-29017

🗓️ 06 Apr 2023 20:08:15Reported by [email protected]Type

vm2 sandbox allows remote code execution via unhandled async error

Reporter	Title	Published	Views	Family All 27
Cvelist	CVE-2023-29017 vm2 Sandbox Escape vulnerability	6 Apr 202319:18	–	cvelist
Tenable Nessus	Node.js Module vm2 < 3.9.15 Sandbox Breakout	7 Apr 202300:00	–	nessus
F5 Networks	K000134725 : vm2 vulnerability CVE-2023-29017	22 May 202300:00	–	f5
Prion	Remote code execution	6 Apr 202320:15	–	prion
Veracode	Arbitrary Code Execution	11 Apr 202302:50	–	veracode
RedhatCVE	CVE-2023-29017	8 Apr 202315:59	–	redhatcve
OSV	vm2 vulnerable to sandbox escape	7 Apr 202320:35	–	osv
OSV	CVE-2023-29017	6 Apr 202320:15	–	osv
OSV	jsreport vulnerable to code injection	8 May 202318:30	–	osv
GithubExploit	Exploit for Improper Control of Dynamically-Managed Code Resources in Vm2 Project Vm2	10 Apr 202315:33	–	githubexploit

Nvd

Node

vm2_project vm2Range<3.9.15node.js

Source	Link
github	www.github.com/patriksimek/vm2/issues/515
github	www.github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv
github	www.github.com/patriksimek/vm2/commit/d534e5785f38307b70d3aac1945260a261a94d50
gist	www.gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Apr 2023 20:15Current

10High risk

Vulners AI Score10

CVSS39.8

EPSS0.02031

CWE-913