Lucene search
+L

13 matches found

0day.today
0day.today
added 2024/03/18 12:0 a.m.427 views

vm2 - Sandbox Escape Exploit

/ Exploit Title: vm2 Sandbox Escape vulnerability Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM = require"vm2";...

10CVSS9.5AI score0.02925EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/03/18 12:0 a.m.516 views

vm2 3.9.19 Sandbox Escape

/ Exploit Title: vm2 Sandbox Escape vulnerability Date: 23/12/2023 Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM =...

10CVSS7.4AI score0.02925EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/03/16 12:0 a.m.406 views

vm2 - sandbox escape

/ Exploit Title: vm2 Sandbox Escape vulnerability Date: 23/12/2023 Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM =...

10CVSS9.8AI score0.02925EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:58 p.m.39 views

Security Bulletin: IBM Instana Observability for Synthetic PoP is affected by vulnerabilities in vm2

Summary Vulnerabilities in vm2 were addressed in IBM Observability with Instana for Synthetic PoP build 256 CVE-2023-37903, CVE-2023-37466 Vulnerability Details CVEID:CVE-2023-37903 DESCRIPTION: Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a...

10CVSS10AI score0.02925EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/11 4:26 p.m.72 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115]

Summary IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115. The fix includes protobuf.js =7.2.4, word-wrap =1.2.5 and vm2 has been removed from...

10CVSS8.5AI score0.02925EPSS
Exploits7Affected Software1
RedHat Linux
RedHat Linux
added 2023/09/05 3:51 p.m.44 views

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.7 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.6.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...

10CVSS7.2AI score0.02925EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/09/05 1:4 p.m.61 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

10CVSS7.2AI score0.02925EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2023/08/30 2:17 p.m.41 views

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...

10CVSS7AI score0.02925EPSS
Exploits5References6
RedHat Linux
RedHat Linux
added 2023/08/29 4:8 p.m.52 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes

Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

10CVSS7.2AI score0.02925EPSS
Exploits5References5
OpenVAS
OpenVAS
added 2023/07/14 12:0 a.m.34 views

vm2 Sandbox Escape Vulnerability (GHSA-cchq-frgv-rjh5)

vm2 is prone to a sandbox escape vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vm2project:vm2"; ifdescription...

7.5AI score
Exploits0References2
CVE
CVE
added 2023/07/13 11:17 p.m.131 views

CVE-2023-37466

CVE-2023-37466 — vm2 (Node.js sandbox): The initial description confirms critical sandbox escape risk in vm2 versions up to 3.9.19 due to bypass of Promise handler sanitization via the @@species accessor, enabling attackers to escape the sandbox and potentially achieve remote code execution withi...

10CVSS9.1AI score0.02925EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2023/07/13 11:17 p.m.31 views

CVE-2023-37466 vm2 Sandbox Escape vulnerability

vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed with the @@species accessor property...

9.8CVSS9.2AI score0.02925EPSS
Exploits4References6
Circl
Circl
added 2023/07/12 12:40 p.m.7 views

CVE-2023-37466

creationtimestamp| type| source ---|---|--- 2023-07-12 12:40:24+00:00| published-proof-of-concept| https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5 2023-07-14 07:11:58+00:00| seen| https://t.me/cibsecurity/66711 2024-02-01 17:16:30+00:00| seen| https://t.me/ctinow/177684...

10CVSS7.5AI score0.02925EPSS
Exploits4References6
Rows per page
Query Builder