
12 matches found

GithubExploit
added 2024/06/04 10:1 a.m. | 548 views

Exploit for Injection in Vm2_Project Vm2

CVE-2023-30547 vm2 is a sandbox that can run untrusted code wi...

CVSS 10 | AI score 9.6 | EPSS 0.84615
Exploits: 5

Tenable Nessus
added 2023/09/14 12:0 a.m. | 300 views

Node.js Module vm2 < 3.9.16 Sandbox Breakout

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

CVSS 10 | AI score 9.5 | EPSS 0.24972
Exploits: 1 | References: 3

Veracode
added 2023/04/20 4:47 a.m. | 27 views

Arbitrary Code Injection

vm2 is vulnerable to Code Injection. The vulnerability exists due to lack of exception sanitization in the handleException function which allows an attacker to inject and execute malicious code and break out of the sandboxed environment...

CVSS 10 | AI score 9.1 | EPSS 0.84615
Exploits: 5 | References: 4 | Affected Software: 1

RedHat Linux
added 2023/04/20 2:15 a.m. | 43 views

Critical: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6 hotfix security update for console

Red Hat Advanced Cluster Management for Kubernetes hotfix security update for console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 10 | AI score 7.5 | EPSS 0.84615
Exploits: 7 | References: 4

RedHat Linux
added 2023/04/20 1:52 a.m. | 40 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1 hotfix security update for console

Multicluster Engine for Kubernetes 2.1 hotfix security update for console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 10 | AI score 7.5 | EPSS 0.84615
Exploits: 7 | References: 4

RedHat Linux
added 2023/04/20 1:50 a.m. | 57 views

Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0 hotfix security update for console

Red Hat Multicluster Engine Hotfix Security Update for Console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 10 | AI score 7.5 | EPSS 0.84615
Exploits: 7 | References: 4

Prion
added 2023/04/17 10:15 p.m. | 36 views

Code injection

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...

CVSS 7.5 | AI score 8.7 | EPSS 0.84615
Exploits: 5 | References: 4 | Affected Software: 1

OSV
added 2023/04/17 9:42 p.m. | 21 views

CVE-2023-30547 Sandbox Escape in vm2

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...

CVSS 9.8 | AI score 9.2 | EPSS 0.84615
Exploits: 5 | References: 6

CVE
added 2023/04/17 9:42 p.m. | 209 views

CVE-2023-30547

The connected IBM security bulletin confirms CVE-2023-30547 for vm2: a flaw in exception sanitization allows raising an unsanitized host exception inside handleException(), enabling sandbox escape and potential code execution in the host. Affected vm2 versions up to 3.9.16 are vulnerable; the iss...

CVSS 10 | AI score 9.5 | EPSS 0.84615
Exploits: 5 | References: 4 | Affected Software: 1

Vulnrichment
added 2023/04/17 9:42 p.m. | 9 views

CVE-2023-30547 Sandbox Escape in vm2

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...

CVSS 9.8 | AI score 9.5 | EPSS 0.84615
Exploits: 5 | References: 4

Cvelist
added 2023/04/17 9:42 p.m. | 25 views

CVE-2023-30547 Sandbox Escape in vm2

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox...

CVSS 9.8 | AI score 9.7 | EPSS 0.84615
Exploits: 5 | References: 4

Vulnrichment
added 2023/04/14 6:37 p.m. | 13 views

CVE-2023-29199 vm2 Sandbox escape vulnerability

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

CVSS 9.8 | AI score 9.9 | EPSS 0.24972
Exploits: 1 | References: 5