Lucene search
K

6 matches found

Cvelist
Cvelist
added 2022/12/21 11:14 p.m.36 views

CVE-2022-25893 Arbitrary Code Execution

The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...

9.8CVSS9.9AI score0.01425EPSS
Exploits1References4
CVE
CVE
added 2022/12/21 11:14 p.m.109 views

CVE-2022-25893

CVE-2022-25893 affects the vm2 Node.js module (pre-3.9.10) and is caused by a prototype pollution flaw in WeakMap.prototype.set, enabling an attacker to access host objects and potentially compromise the sandbox, leading to arbitrary code execution. Reported impact in the sources: remote code exe...

9.8CVSS9.7AI score0.01425EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/12/21 6:30 a.m.6 views

2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4006 more potentially affected by CVE-2022-25893 via vm2 (>=1.0.1 <=3.9.1)

vm2 NPM version =1.0.1, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.23.0-alpha.1 and more Source cves: CVE-2022-25893 Source advisory: OSV:GHSA-4W2J-2RG4-5MJW...

9.8CVSS7.2AI score0.01425EPSS
Exploits1
NVD
NVD
added 2022/12/21 5:15 a.m.29 views

CVE-2022-25893

The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...

9.8CVSS0.01425EPSS
Exploits1References4
OSV
OSV
added 2022/12/21 5:15 a.m.26 views

CVE-2022-25893 Arbitrary Code Execution

The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise...

9.8CVSS7.2AI score0.01425EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2022/08/24 1:31 p.m.4 views

2broke2wait (=0.1.0), 2ch-fetcher-with-proxy (>=1.0.0 <=1.0.1) +4004 more potentially affected by CVE-2022-25893 via vm2 (>=3.0.0 <=3.9.1)

vm2 NPM version =3.0.0, =1.0.0, =15.0.0, =5.1.3, =1.0.2, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.2.48, =0.12.5-20190619040852, =0.2.46, =0.23.0-alpha.1 and more Source cves: CVE-2022-25893 Source advisory: SNYK:JS-VM2-2990237...

9.8CVSS7.2AI score0.01425EPSS
Exploits1
Rows per page
Query Builder