CVE-2023-29017 vm2 Sandbox Escape vulnerability

🗓️ 06 Apr 2023 19:18:34Reported by GoogleType

osv

osv🔗 osv.dev👁 19 Views

VM2 sandbox bypass vulnerability patched in version 3.9.15

Reporter	Title	Published	Views	Family All 33
Huntr	An outdated dependency leads to to remote command execution vulnerability	10 Apr 202316:20	–	huntr
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	27 Apr 202310:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and Integration Runtime operands that run Designer flows containing a Box node may be vulnerable to arbitrary code execution due to [CVE-2023-29017]	27 Apr 202315:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to multiple vulnerabilities	28 Jul 202301:39	–	ibm
BDU FSTEC	The vulnerability of the Error.prepareStackTrace object in the vm2 package manager NPM allows a attacker to exit from a isolated programming environment and execute arbitrary code.	11 Apr 202300:00	–	bdu_fstec
Circl	CVE-2023-29017	6 Apr 202319:00	–	circl
CNNVD	vm2 安全漏洞	6 Apr 202300:00	–	cnnvd
CVE	CVE-2023-29017	6 Apr 202319:18	–	cve
Cvelist	CVE-2023-29017 vm2 Sandbox Escape vulnerability	6 Apr 202319:18	–	cvelist
F5 Networks	K000134725: vm2 vulnerability CVE-2023-29017	22 May 202316:54	–	f5

Source	Link
gist	www.gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29017.json
github	www.github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-29017
github	www.github.com/patriksimek/vm2/issues/515
github	www.github.com/patriksimek/vm2/commit/d534e5785f38307b70d3aac1945260a261a94d50

02 Apr 2026 08:53Current

9.2High risk

Vulners AI Score9.2

CVSS 3.110

EPSS0.74958

cve-2023-29017 sandbox code execution node modules patched vulnerability