Lucene search
GoogleOSV:GHSA-4W2J-2RG4-5MJWHistoryDec 21, 2022 - 6:30 a.m.
vm2 vulnerable to Arbitrary Code Execution
2022-12-2106:30:29
Google
osv.dev
4
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.
Related
cve
cve
CVE-2022-25893
2022-12-21 05:15:11
prion
prion
Spoofing
2022-12-21 05:15:00
github
github
vm2 vulnerable to Arbitrary Code Execution
2022-12-21 06:30:29
cvelist
cvelist
CVE-2022-25893 Arbitrary Code Execution
2022-12-21 00:00:00
veracode
veracode
Arbitrary Code Execution
2022-12-22 06:43:25
ibm
ibm
osv
osv
CVE-2022-25893
2022-12-21 05:15:11
nvd
nvd
CVE-2022-25893
2022-12-21 05:15:11
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Related for OSV:GHSA-4W2J-2RG4-5MJW