13 matches found
Security Bulletin: IBM Instana Observability for Synthetic PoP is affected by vulnerabilities in vm2
Summary Vulnerabilities in vm2 were addressed in IBM Observability with Instana for Synthetic PoP build 256 CVE-2023-37903, CVE-2023-37466 Vulnerability Details CVEID:CVE-2023-37903 DESCRIPTION: Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a...
Exploit for OS Command Injection in Vm2_Project Vm2
CVE-2023-37903 Expl...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115]
Summary IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115. The fix includes protobuf.js =7.2.4, word-wrap =1.2.5 and vm2 has been removed from...
Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.7 security and bug fix updates
Red Hat Advanced Cluster Management for Kubernetes 2.6.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...
Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes
Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.1 security and bug fix updates
Red Hat Advanced Cluster Management for Kubernetes 2.8.1 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...
Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.3.1 security updates and bug fixes
Multicluster Engine for Kubernetes 2.3.1 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.7 security and bug fix updates
Red Hat Advanced Cluster Management for Kubernetes 2.7.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...
Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.7 security updates and bug fixes
Multicluster Engine for Kubernetes 2.2.7 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2023-37903
CVE-2023-37903 — vm2 (Node.js sandbox) Affected: vm2 versions up to and including 3.9.19, which is an open-source VM/sandbox for Node.js. Root cause: The library’s sandbox escape can be triggered via the Node.js custom inspect function, enabling an attacker to escape the sandbox and execute code ...
CVE-2023-37903 Sandbox Escape in vm2
vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive insid...
vm2 Sandbox Escape Vulnerability (GHSA-cchq-frgv-rjh5)
vm2 is prone to a sandbox escape vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vm2project:vm2"; ifdescription...
2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4099 more potentially affected by CVE-2023-37903 via vm2 (>=1.0.1 <=3.9.19)
vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.24.1-20230627140514 and more Source cves: CVE-2023-37903 Source advisory: OSV:GHSA-G644-9GFX-Q4Q4...