Lucene search
K

14 matches found

OSV
OSV
added 2023/05/08 6:30 p.m.29 views

GHSA-G7RJ-Q722-245G jsreport vulnerable to code injection

jsreport prior to 3.11.3 had a version of vm2 vulnerable to CVE-2023-29017 hard coded in the package.json of the jsreport-core component. An attacker can use this vulnerability to obtain the authority of the jsreport playground server, or construct a malicious webpage/html file and send it to the...

10CVSS9.3AI score0.01128EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/05/08 6:30 p.m.40 views

jsreport vulnerable to code injection

jsreport prior to 3.11.3 had a version of vm2 vulnerable to CVE-2023-29017 hard coded in the package.json of the jsreport-core component. An attacker can use this vulnerability to obtain the authority of the jsreport playground server, or construct a malicious webpage/html file and send it to the...

10CVSS8.7AI score0.01128EPSS
Exploits1References5Affected Software1
OpenVAS
OpenVAS
added 2023/05/02 12:0 a.m.21 views

vm2 < 3.9.15 Sandbox Escape Vulnerability

vm2 is prone to a sandbox escape vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vm2project:vm2"; ifdescription...

10CVSS9.7AI score0.63186EPSS
Exploits2References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/27 3:51 p.m.26 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and Integration Runtime operands that run Designer flows containing a Box node may be vulnerable to arbitrary code execution due to [CVE-2023-29017]

Summary Node.js module vm2 is used by IBM App Connect Enterprise Certified Container for communications with Box via the Box connector. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run Designer flows containing a Box node may be vulnerable ...

10CVSS9.9AI score0.63186EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2023/04/20 2:15 a.m.48 views

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6 hotfix security update for console

Red Hat Advanced Cluster Management for Kubernetes hotfix security update for console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS7.5AI score0.72087EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 2023/04/20 1:52 a.m.44 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1 hotfix security update for console

Multicluster Engine for Kubernetes 2.1 hotfix security update for console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

10CVSS7.5AI score0.72087EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 2023/04/20 1:50 a.m.61 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0 hotfix security update for console

Red Hat Multicluster Engine Hotfix Security Update for Console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

10CVSS7.5AI score0.72087EPSS
Exploits8References4
RedHat Linux
RedHat Linux
added 2023/04/20 1:38 a.m.72 views

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.3 security fixes and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.7.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which...

10CVSS7AI score0.72087EPSS
Exploits9References6
RedHat Linux
RedHat Linux
added 2023/04/19 11:49 p.m.45 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.3 security updates and bug fixes

Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

10CVSS7AI score0.72087EPSS
Exploits9References5
The Hacker News
The Hacker News
added 2023/04/08 5:4 a.m.60 views

Researchers Discover Critical Remote Code Execution Flaw in vm2 Sandbox Library

The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode. The flaw, which affects all versions, including and prior to 3.9.14, was reported by researchers from Sout...

10CVSS10.1AI score0.63186EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2023/04/07 12:0 a.m.64 views

Node.js Module vm2 < 3.9.15 Sandbox Breakout

The version of the Node.js module vm2 installed on the remote host is prior to 3.9.15. It is, therefore affected by a sandbox breakout vulnerability. Untrusted code can break out of the sandbox created by the affected vm2 module and execute arbitrary code on the host system. Note that Nessus has...

10CVSS9AI score0.63186EPSS
Exploits2References3
OSV
OSV
added 2023/04/06 7:18 p.m.22 views

CVE-2023-29017 vm2 Sandbox Escape vulnerability

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code...

10CVSS9.2AI score0.63186EPSS
Exploits2References6
CVE
CVE
added 2023/04/06 7:18 p.m.220 views

CVE-2023-29017

VM2 (Node sandbox) contains a RCE flaw prior to 3.9.15 where host objects passed to Error.prepareStackTrace during unhandled async errors could bypass sandbox protections. Patched in vm2 release 3.9.15. Affected: vm2 versions before 3.9.15; remediation is to upgrade to 3.9.15 or later. The descri...

10CVSS10AI score0.63186EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/06 7:18 p.m.10 views

CVE-2023-29017 vm2 Sandbox Escape vulnerability

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code...

10CVSS10AI score0.63186EPSS
Exploits2References4
Rows per page
Query Builder