CVE-2022-36067

Published: 06/09/2022 Updated: 08/11/2022
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.

Vulnerable Product

vm2 project vm2

Vendor Advisories

Synopsis: Critical: Red Hat Advanced Cluster Management 261 security fix and bug fix. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes 261 release images, which provide security fixes, bug fixes, and update container images. Red Hat Product Security has rated this update as having a security ...
Synopsis: Critical: Multicluster Engine for Kubernetes 211 security update and bug fixes. Type/Severity: Security Advisory: Critical. Topic: Multicluster Engine for Kubernetes 211 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical ...
Synopsis: Critical: Red Hat Advanced Cluster Management 252 security fixes and bug fixes. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes 252 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of C ...
Synopsis: Critical: Multicluster Engine for Kubernetes 202 security and bug fixes. Type/Severity: Security Advisory: Critical. Topic: Multicluster Engine for Kubernetes 202 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Com ...
Synopsis: Critical: Red Hat Advanced Cluster Management 246 security update and bug fixes. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes 246 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security i ...

Github Repositories

This repo contains payload for the CVE-2022-36067

Exploit-For-CVE-2022-36067. How to exploit? Paste the payload given in payloadjs along with the command you want to run. Test on local machine: To test on local machine, git clone the repo, install the dependencies and run appjs using node. If the application is vulnerable, the code will get executed successfully. If not, it wil