
5 matches found

OSV
added 2023/08/09 2:43 p.m., 16 views

GHSA-9C4H-3F7H-322R SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

Impact: This is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest program running inside a Compartment with as few as...

CVSS 9.8 | AI score 9.7 | EPSS 0.01798
Exploits: 1 | References: 4

NVD
added 2023/08/08 5:15 p.m., 12 views

CVE-2023-39532

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

CVSS 9.8 | AI score 9.7 | EPSS 0.01798
Exploits: 1 | References: 2

OSV
added 2023/08/08 4:51 p.m., 15 views

CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

CVSS 9.8 | AI score 9.4 | EPSS 0.01798
Exploits: 1 | References: 4

Vulnrichment
added 2023/08/08 4:51 p.m., 15 views

CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

CVSS 9.8 | AI score 7.5 | EPSS 0.01798
Exploits: 1 | References: 2

CVE
added 2023/08/08 4:51 p.m., 44 views

CVE-2023-39532

SES is a JavaScript environment with a confinement hole in guest compartments that can allow exfiltration or arbitrary code execution via dynamic import after a spread operator ({...import(...)}) in vulnerable versions (0.18.0–0.18.7, 0.17.0–0.17.1, 0.16.0–0.16.1, 0.15.0–0.15.24, 0.14.0–0.14.5, 0...

CVSS 9.8 | AI score 9.7 | EPSS 0.01798
Exploits: 1 | References: 2 | Affected Software: 1