Lucene search
PRIOn knowledge basePRION:CVE-2022-39266HistorySep 29, 2022 - 6:15 p.m.
Design/Logic Flaw
2022-09-2918:15:00
PRIOn knowledge base
www.prio-n.com
3
isolated-vm
nodejs
logic flaw
bypass sandbox
arbitrary code
nvd
isolated-vm is a library for nodejs which gives the user access to v8’s Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept cachedData payloads from a user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| isolated-vm | le | 4.3.6 |
Related
osv
osv
isolated-vm has vulnerable CachedDataOptions in API
2022-09-30 22:59:03
CVE-2022-39266
2022-09-29 18:15:10
veracode
veracode
Arbitrary Code Execution
2022-09-30 15:53:47
github
github
isolated-vm has vulnerable CachedDataOptions in API
2022-09-30 22:59:03
cve
cve
CVE-2022-39266
2022-09-29 18:15:10
nvd
nvd
CVE-2022-39266
2022-09-29 18:15:10
cvelist
cvelist
CVE-2022-39266 isolated-vm has vulnerable CachedDataOptions in API
2022-09-29 18:10:08