Published: 21/07/2023 Updated: 01/02/2024

CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9

VMScore: 0

vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows malicious users to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vm2 project vm2

概述 Critical: Red Hat Advanced Cluster Management 281 security and bug fix updates 类型/严重性 Security Advisory: Critical 标题 Red Hat Advanced Cluster Management for Kubernetes 281 GeneralAvailability release images, which provide security updates and fix bugsRed Hat Product Security has rated this update as having a security ...

Synopsis Critical: Multicluster Engine for Kubernetes 231 security updates and bug fixes Type/Severity Security Advisory: Critical Topic Multicluster Engine for Kubernetes 231 General Availability release images, which contain security updates and fix bugsRed Hat Product Security has rated this update as having a security impactof Critic ...

Synopsis Critical: Multicluster Engine for Kubernetes 227 security updates and bug fixes Type/Severity Security Advisory: Critical Topic Multicluster Engine for Kubernetes 227 General Availability release images, which provide security updates and fix bugsRed Hat Product Security has rated this update as having a security impactof Critic ...

Synopsis Critical: Red Hat Advanced Cluster Management 267 security and bug fix updates Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 267 GeneralAvailability release images, which provide security updates and fix bugsRed Hat Product Security has rated this update as having a security i ...

Synopsis Critical: Red Hat Advanced Cluster Management 277 security and bug fix updates Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 277 GeneralAvailability release images, which provide security updates and fix bugsRed Hat Product Security has rated this update as having a security i ...

Synopsis Critical: Multicluster Engine for Kubernetes 218 security updates and bug fixes Type/Severity Security Advisory: Critical Topic Multicluster Engine for Kubernetes 218 General Availability release images, which fix bugs and update container imagesRed Hat Product Security has rated this update as having a security impactof Critica ...

DescriptionThe MITRE CVE dictionary describes this issue as: vm2 is an open source vm/sandbox for Nodejs In vm2 for versions up to and including 3919, Nodejs custom inspect function allows attackers to escape the sandbox and run arbitrary code This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primiti ...

Exploit for CVE-2023-37903

CVE-2023-37903 Exploit for CVE-2023-37903 (Proof Of Concept & Reverse Shell) CVE Owned by: SeungHyun Lee

CWE-78 https://github.com/patriksimek/vm2/security/advisories/GHSA-g644-9gfx-q4q4 https://security.netapp.com/advisory/ntap-20230831-0007/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:4875 https://github.com/7h3h4ckv157/CVE-2023-37903 https://access.redhat.com/security/cve/cve-2023-37903

CVE-2023-37903

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect