23 matches found
CVE-2023-51661
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...
Malicious code in wasmer-term (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e66b8e03768b197df9ac09bcb9d0dc5b58d3bf49ea8d2474649c6aad97e9f18e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1262 Malicious code in wasmer-term (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e66b8e03768b197df9ac09bcb9d0dc5b58d3bf49ea8d2474649c6aad97e9f18e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-38358
Wasmer is a web assembly wasm Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fdwrite. Programs can also crash the runtime ...
CVE-2024-38358 vulnerabilities
Vulnerabilities for packages: wasmer, zellij...
CVE-2024-38358 vulnerabilities
Vulnerabilities for packages: wasmer, zellij...
CVE-2024-38358
Wasmer (a WASM runtime) is affected by CVE-2024-38358 due to a bug where preopened directories containing a symlink pointing outside can be exploited to traverse the symlink and access the host filesystem if the caller uses both oflags::creat and rights::fd_write. The issue can also crash the run...
CVE-2024-38358 Symlink bypasses filesystem sandbox in wasmer
Wasmer is a web assembly wasm Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fdwrite. Programs can also crash the runtime ...
CVE-2024-38358 Symlink bypasses filesystem sandbox in wasmer
Wasmer is a web assembly wasm Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fdwrite. Programs can also crash the runtime ...
CVE-2024-38358 Symlink bypasses filesystem sandbox in wasmer
Wasmer is a web assembly wasm Runtime supporting WASIX, WASI and Emscripten. If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fdwrite. Programs can also crash the runtime ...
Wasmer Security Breach
Wasmer is a Wasmer open source application that enables lightweight containers to run anywhere. A security vulnerability exists in Wasmer versions prior to 4.3.2 that stems from bypassing the file system sandbox...
GHSA-55F3-3QVG-8PV5 vulnerabilities
Vulnerabilities for packages: wasmer, zellij...
acme-compilers (>=0.2.2 <=0.2.4), acvm (>=0.23.0 <=0.26.1) +158 more potentially affected by CVE-2024-38358 via wasmer (>=0.17.1 <=4.3.0-beta.1)
wasmer CARGO version =0.17.1, =0.2.2, =0.23.0, =0.23.0, =0.1.0, =0.4.0-alpha.0, =0.23.0, =0.1.0, =1.1.0, =0.13.2, =0.13.0, =1.3.4 and more Source cves: CVE-2024-38358 Source advisory: OSV:GHSA-55F3-3QVG-8PV5...
GHSA-55F3-3QVG-8PV5 Symlink bypasses filesystem sandbox
Summary If the preopened directory has a symlink pointing outside, WASI programs can traverse the symlink and access host filesystem if the caller sets both oflags::creat and rights::fdwrite. Programs can also crash the runtime by creating a symlink pointing outside with pathsymlink and pathopeni...
GHSA-55F3-3QVG-8PV5 vulnerabilities
Vulnerabilities for packages: wasmer, zellij...
CVE-2023-51661
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...
CVE-2023-51661 Filesystem sandbox not enforced in wasmer-cli
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...
CVE-2023-51661
CVE-2023-51661 affects Wasmer WebAssembly runtime; in Wasmer versions prior to 4.2.4, Wasm programs could access files outside the sandbox, exposing the host filesystem. The issue is documented across multiple sources (e.g., GHSA-4MQ4-7RW3-VM5J, Red Hat advisory) and is noted as fixed in Wasmer 4...
CVE-2023-51661 Filesystem sandbox not enforced in wasmer-cli
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...
CVE-2023-51661 Filesystem sandbox not enforced in wasmer-cli
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...