4 matches found
CVE-2024-38358 vulnerabilities
Vulnerabilities for packages: wasmer, zellij...
CVE-2024-38358
Wasmer (a WASM runtime) is affected by CVE-2024-38358 due to a bug where preopened directories containing a symlink pointing outside can be exploited to traverse the symlink and access the host filesystem if the caller uses both oflags::creat and rights::fd_write. The issue can also crash the run...
CVE-2024-38358 Symlink bypasses filesystem sandbox in wasmer
Wasmer is a web assembly wasm Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fdwrite. Programs can also crash the runtime ...
acme-compilers (>=0.2.2 <=0.2.4), acvm (>=0.23.0 <=0.26.1) +159 more potentially affected by CVE-2024-38358 via wasmer (>=0.17.1 <=4.3.0-beta.1)
wasmer CARGO version =0.17.1, =0.2.2, =0.23.0, =0.23.0, =0.1.0, =0.4.0-alpha.0, =0.23.0, =0.1.0, =0.1.1, =1.1.0, =0.13.2, =0.13.6 and more Source cves: CVE-2024-38358 Source advisory: OSV:GHSA-55F3-3QVG-8PV5...