4 matches found
CVE-2023-29199
There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...
Remote code execution
There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...
CVE-2023-29199 vm2 Sandbox escape vulnerability
There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...
CVE-2023-29199
The CVE-2023-29199 issue affects the vm2 Node.js module, specifically its source code transformer’s exception sanitization. Versions up to 3.9.15 are vulnerable to a sandbox bypass in handleException(), enabling leakage of unsanitized host exceptions and potential remote code execution in the hos...