10 matches found
ROOT-APP-NPM-CVE-2023-32314 CVE-2023-32314 in @rootio/vm2 - Patched by Root
Root has patched CVE-2023-32314 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands is vulnerable to arbitrary code execution due to [CVE-2023-32314]
Summary Node.js module vm2 is used by IBM App Connect Enterprise Certified Container in Designer flows by the Box connector. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address...
Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.9 security fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.5.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which...
Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.9 security fixes and container updates
Multicluster Engine for Kubernetes 2.0.9 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...
Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.6 security fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.6.6 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which...
Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.4 security fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.7.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which...
vm2 < 3.9.18 Multiple Vulnerabilities
vm2 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vm2project:vm2"; ifdescription...
CVE-2023-32314 Sandbox Escape
vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of Proxy. As a result a threat actor can bypass the sandbox...
CVE-2023-32314
VM2 security summary (CVE family) VM2’s sandbox has multiple confirmed security issues affecting versions up to 3.9.19, including sandbox escapes and remote code execution. Notable entries in connected docs describe: (1) escape via host objects created under Proxy in vm2
CVE-2023-32314 Sandbox Escape
vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of Proxy. As a result a threat actor can bypass the sandbox...