CVE-2023-29199

Published on: Not Yet Published

Last Modified on: 04/25/2023 03:14:00 PM UTC

CVE-2023-29199 - advisory for GHSA-xj72-wvfv-8985

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Certain versions of Vm2 from Vm2 Project contain the following vulnerability:

There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`.

CVE-2023-29199 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
Affected Vendor/Software: patriksimek - vm2 version = < 3.9.16

CVSS3 Score: 10 - CRITICAL

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
CHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
Release 3.9.16 · patriksimek/[email protected] · GitHub	github.com text/html	MISC github.com/patriksimek/vm2/commit/24c724daa7c09f003e556d7cd1c7a8381cb985d7
Release 3.9.16 · patriksimek/vm2 · GitHub	github.com text/html	MISC github.com/patriksimek/vm2/releases/tag/3.9.16
Sandbox Escape in [email protected] · Issue #516 · patriksimek/vm2 · GitHub	github.com text/html	MISC github.com/patriksimek/vm2/issues/516
Sandbox Escape · Advisory · patriksimek/vm2 · GitHub	github.com text/html	MISC github.com/patriksimek/vm2/security/advisories/GHSA-xj72-wvfv-8985
Sandbox Escape in [email protected] · GitHub	gist.github.com text/html	MISC gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

378431 vm2 NPM Package Remote Code Execution (RCE) Vulnerability (GHSA-xj72-wvfv-8985)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Vm2 Project	Vm2	All	All	All	All

cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@the_yellow_fall	CVE-2023-29199: Critical Sandbox Escape Vulnerability in VM2 library securityonline.info/cve-2023-29199… #opensource #infosec #security #pentesting	2023-04-13 03:05:24
@AcooEdi	CVE-2023-29199: Critical Sandbox Escape Vulnerability in VM2 library dlvr.it/SmPWNd via securityonline https://t.co/MTqnvZv0A2	2023-04-13 03:08:35
@PentestingN	CVE-2023-29199: Critical Sandbox Escape Vulnerability in VM2 library securityonline.info/cve-2023-29199…	2023-04-13 09:37:29
@autumn_good_35	『先に判明した「CVE-2023-29017」とは異なる脆弱性であり、再度アップデートが必要となる』 CVE-2023-29199 サンドボックス「vm2」に深刻な脆弱性 - 前回から5日後に再度修正 security-next.com/145339	2023-04-13 10:17:17
@autumn_good_35	CVE-2023-29199 vm2 Sandbox Escape vulnerability github.com/advisories/GHS…	2023-04-13 10:17:18
/r/spixnet_gmbh_official	Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution	2023-04-25 13:32:25