CVE-2023-30547

Published: 17/04/2023 Updated: 28/04/2023
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing malicious users to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.

Vulnerable Product

vm2 project vm2

Vendor Advisories

Synopsis: Critical: Multicluster Engine for Kubernetes 223 security updates and bug fixes. Type/Severity: Security Advisory: Critical. Topic: Multicluster Engine for Kubernetes 223 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact ...
Synopsis: Critical: Multicluster Engine for Kubernetes 20 hotfix security update for console. Type/Severity: Security Advisory: Critical. Topic: Red Hat Multicluster Engine Hotfix Security Update for Console. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Critical: Red Hat Advanced Cluster Management 26 hotfix security update for console. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes hotfix security update for console. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Critical: Multicluster Engine for Kubernetes 21 hotfix security update for console. Type/Severity: Security Advisory: Critical. Topic: Multicluster Engine for Kubernetes 21 hotfix security update for console. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS ...
Synopsis: Critical: Red Hat Advanced Cluster Management 273 security fixes and bug fixes. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes 273 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a s ...
Synopsis: Critical: Red Hat Advanced Cluster Management 25 hotfix security update for console. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes hotfix security update for console. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Description: The MITRE CVE dictionary describes this issue as: vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape ...

Github Repositories

Initial foothold and privilege escalation for HTB Codify

HTB-Codify: Initial foothold and privilege escalation for HTB Codify. Reverse Shell: Based on CVE-2023-30547. Replace PLACEHOLDER with your bash command. const {VM} = require("vm2"); const vm = new VM(); const code = ` err = {}; const handler = { getPrototypeOf(target) { (function stack() { new Error().stack; stack(); })();

PoC Exploit for VM2 Sandbox Escape Vulnerability

CVE-2023-30547: PoC Exploit for VM2 Sandbox Escape Vulnerability. Description: vm2 < 3.9.17 is vulnerable to arbitrary code execution due to a flaw in exception sanitization. Attackers can exploit this by triggering an unsanitized host exception within handleException(), enabling them to escape the sandbox and run arbitrary code in the host context. VM2-Exploit ⚠️ Cons

PoC to CVE-2023-30547 (Library vm2)

CVE-2023-30547: This is a Proof-of-Concept to CVE-2023-30547 (nvd.nist.gov/vuln/detail/CVE-2023-30547). I created this PoC during a CTF. Usage: CVE-2023-30547 PoC [-h] [--url URL] [--lhost LHOST] [--lport LPORT] PoC for the vm2 vulnerability CVE-2023-30547 options: -h, --help show this help message and exit --url URL Target URL --lhost LHOST IP of the lo

Write-Up Codify. Nmap: Three services are accessible to us: 22: SSH server OpenSSH 89p1 Ubuntu 3ubuntu04 (Ubuntu Linux; protocol 20); 80: Apache httpd 2452; 3000: Nodejs Express framework. OpenSSH and Apache both appear to be up to date. The third open port tells us that the web application is written in NodeJS. FootHold: The appl

Tool for exploring CVE-2023-30547

CVE-2023-30547 Vulnerability description vm2 is a sandbox that can run untrusted code with whitelisted