CVSS3: 8.3 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score: 7.5 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)

@hoppscotch/cli is vulnerable to sandbox escape. The vulnerability is due to insecure use of the Node.js vm module, which allows untrusted JavaScript code to break out of the sandbox. Untrusted code can gain access to references to objects created outside of the vm context.
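
The cross-context references described above can be audited from inside the context itself. The following is an added example, not Hoppscotch's code: `findHostRealmLeaks`, `hostApi`, `helpers` and both sample contexts are hypothetical names and constructed inputs. It lists the globals in a `node:vm` context that still point at objects created outside it.

```javascript
// Added example, not Hoppscotch code; every name here is hypothetical.
const vm = require("node:vm");
// Evaluated INSIDE the context, so Object.prototype below is the context's own
// intrinsic. A value rooted in any other Object.prototype came from outside.
const PROBE = `(function (names, maxDepth) {
  const leaks = [], seen = new Set();
  const rootOf = (v) => {
    let last = null;
    for (let p = Object.getPrototypeOf(v); p !== null; p = Object.getPrototypeOf(p)) last = p;
    return last;
  };
  const visit = (v, path, depth) => {
    const t = typeof v;
    if (v === null || (t !== "object" && t !== "function") || seen.has(v)) return;
    seen.add(v);
    const root = rootOf(v);
    if (root !== null && root !== Object.prototype) { leaks.push(path); return; }
    if (depth >= maxDepth) return;
    for (const key of Object.getOwnPropertyNames(v)) {
      const d = Object.getOwnPropertyDescriptor(v, key);
      if (d && "value" in d) visit(d.value, path + "." + key, depth + 1); // skip accessors
    }
  };
  for (const n of names) visit(globalThis[n], n, 0);
  return JSON.stringify(leaks);
})`;

// Returns the paths of globals in `context` that reference host-realm objects.
function findHostRealmLeaks(context, maxDepth = 3) {
  const args = `${JSON.stringify(Object.keys(context))}, ${Number(maxDepth)}`;
  return JSON.parse(vm.runInContext(`${PROBE}(${args})`, context, { timeout: 1000 }));
}

// Constructed sample 1: host objects handed straight to the context. The
// null-prototype wrapper around `helpers` still carries a host function.
function leakyContext() {
  const hostApi = { env: { get: (k) => "value-of-" + k } };
  const helpers = Object.assign(Object.create(null), { now: Date.now });
  return vm.createContext({ hostApi, helpers, requestUrl: "https://example.test" });
}

// Constructed sample 2: data crosses as a JSON string and is rebuilt inside
// the context, so the script only sees context-realm objects.
function copiedContext() {
  const context = vm.createContext({ envJson: JSON.stringify({ token: "abc" }) });
  vm.runInContext("globalThis.env = JSON.parse(envJson);", context);
  return context;
}
console.log(findHostRealmLeaks(leakyContext()), findHostRealmLeaks(copiedContext()));
```

An empty result only means this probe found no host reference; the Node.js documentation states that `node:vm` is not a security mechanism for running untrusted code.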
Name | Operator | Version |
---|---|---|
@hoppscotch/cli | le | 0.7.0 |
@hoppscotch/js-sandbox | le | 0.1.1 |

github.com/advisories/GHSA-qmmm-73r2-f8xr
github.com/hoppscotch/hoppscotch/blob/faab1d20fde9a6be660db40fc73dcf28f9038008/packages/hoppscotch-js-sandbox/src/pre-request/node-vm/index.ts#L23-L31
github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01
github.com/hoppscotch/hoppscotch/pull/3973
github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr