13 matches found
vm2 - Sandbox Escape Exploit
/ Exploit Title: vm2 Sandbox Escape vulnerability Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM = require"vm2";...
vm2 3.9.19 Sandbox Escape
/ Exploit Title: vm2 Sandbox Escape vulnerability Date: 23/12/2023 Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM =...
vm2 - sandbox escape
/ Exploit Title: vm2 Sandbox Escape vulnerability Date: 23/12/2023 Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM =...
Security Bulletin: IBM Instana Observability for Synthetic PoP is affected by vulnerabilities in vm2
Summary Vulnerabilities in vm2 were addressed in IBM Observability with Instana for Synthetic PoP build 256 CVE-2023-37903, CVE-2023-37466 Vulnerability Details CVEID:CVE-2023-37903 DESCRIPTION: Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115]
Summary IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115. The fix includes protobuf.js =7.2.4, word-wrap =1.2.5 and vm2 has been removed from...
Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.7 security and bug fix updates
Red Hat Advanced Cluster Management for Kubernetes 2.6.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...
Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes
Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates
Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...
Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes
Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
vm2 Sandbox Escape Vulnerability (GHSA-cchq-frgv-rjh5)
vm2 is prone to a sandbox escape vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vm2project:vm2"; ifdescription...
CVE-2023-37466
CVE-2023-37466 — vm2 (Node.js sandbox): The initial description confirms critical sandbox escape risk in vm2 versions up to 3.9.19 due to bypass of Promise handler sanitization via the @@species accessor, enabling attackers to escape the sandbox and potentially achieve remote code execution withi...
CVE-2023-37466 vm2 Sandbox Escape vulnerability
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed with the @@species accessor property...
CVE-2023-37466
creationtimestamp| type| source ---|---|--- 2023-07-12 12:40:24+00:00| published-proof-of-concept| https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 2023-07-14 07:11:58+00:00| seen| https://t.me/cibsecurity/66711 2024-02-01 17:16:30+00:00| seen| https://t.me/ctinow/177684...