GoogleOSV:GHSA-WF5X-CR3R-XR77vm2 before 3.6.11 vulnerable to sandbox escape
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
0.002 Low
EPSS
Percentile
53.4%
This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the “sandboxed” context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code.
References
gist.github.com/JLLeitschuh/609bb2efaff22ed84fe182cf574c023a
github.com/patriksimek/vm2
github.com/patriksimek/vm2/commit/4b22d704e4794af63a5a2d633385fd20948f6f90
github.com/patriksimek/vm2/issues/197
github.com/patriksimek/vm2/issues/197#issuecomment-480643832
nvd.nist.gov/vuln/detail/CVE-2019-10761
snyk.io/vuln/SNYK-JS-VM2-473188
Related
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
0.002 Low
EPSS
Percentile
53.4%