CVE-2023-37274 – Python code execution sandbox escape in non-docker version in Auto-GPT
https://notcve.org/view.php?id=CVE-2023-37274
This allows for a path traversal attack that can overwrite any .py file outside the workspace directory by specifying a `basename` such as `../../..... This can further be abused to achieve arbitrary code execution on the host running Auto-GPT by e.g. overwriting autogpt/main.py which will be executed outside of the docker environment meant to sandbox custom python code execution the next time Auto-GPT is started. • https://github.com/Significant-Gravitas/Auto-GPT/pull/4756 https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-5h38-mgp9-rj5f • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-37271 – RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
https://notcve.org/view.php?id=CVE-2023-37271
Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. • https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531 https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVE-2019-25136
https://notcve.org/view.php?id=CVE-2019-25136
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. • https://bugzilla.mozilla.org/show_bug.cgi?id=1530709 https://www.mozilla.org/security/advisories/mfsa2019-34 •
CVE-2023-32409 – Apple Multiple Products WebKit Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2023-32409
A remote attacker may be able to break out of Web Content sandbox. ... Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. • https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213758 https://support.apple.com/en-us/HT213761 https://support.apple.com/en-us/HT213762 https://support.apple.com/en-us/HT213764 https://support.apple.com/en-us/HT213842 •
CVE-2023-32314 – Sandbox Escape
https://notcve.org/view.php?id=CVE-2023-32314
vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. ... As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. ... A flaw was found in the vm2 sandbox. When a host object is created based on the specification of Proxy, an attacker can bypass the sandbox protections. • https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf https://github.com/patriksimek/vm2/releases/tag/3.9.18 https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5 https://access.redhat.com/security/cve/CVE-2023-32314 https://bugzilla.redhat.com/show_bug.cgi?id=2208376 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •