CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-32314 – Sandbox Escape
https://notcve.org/view.php?id=CVE-2023-32314
A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. • https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf https://github.com/patriksimek/vm2/releases/tag/3.9.18 https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5 https://access.redhat.com/security/cve/CVE-2023-32314 https://bugzilla.redhat.com/show_bug.cgi?id=2208376 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.6EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2136 – Google Chrome Skia Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-2136
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html https://crbug.com/1432603 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42 https://lists.fedoraproject.org/archives/list/package-announce@l • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 6CVE-2023-30547 – Sandbox Escape in vm2
https://notcve.org/view.php?id=CVE-2023-30547
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade. • https://github.com/rvizx/CVE-2023-30547 https://github.com/Cur1iosity/CVE-2023-30547 https://github.com/user0x1337/CVE-2023-30547 https://github.com/junnythemarksman/CVE-2023-30547 https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244 https://github.com/patriksimek/vm2/commit/4b22e87b102d97d45d112a0931dba1aef7eea049 https://github.com/patriksimek/vm2/commit/f3db4dee4d76b19869df05ba7880d638a880edd5 https://github.com/patriksimek/vm2/security/advisories/GHSA-ch3r-j5x3-6q2m https://access.redhat.com/security/cve&# • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2023-29199 – vm2 Sandbox escape vulnerability
https://notcve.org/view.php?id=CVE-2023-29199
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`. A flaw was found in the vm2 sandbox. When exception handling is triggered, the sanitization logic is not managed with proper exception handling. • https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c https://github.com/patriksimek/vm2/commit/24c724daa7c09f003e556d7cd1c7a8381cb985d7 https://github.com/patriksimek/vm2/issues/516 https://github.com/patriksimek/vm2/releases/tag/3.9.16 https://github.com/patriksimek/vm2/security/advisories/GHSA-xj72-wvfv-8985 https://access.redhat.com/security/cve/CVE-2023-29199 https://bugzilla.redhat.com/show_bug.cgi?id=2187409 • CWE-755: Improper Handling of Exceptional Conditions CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 8CVE-2023-26122
https://notcve.org/view.php?id=CVE-2023-26122
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. • https://gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce https://github.com/hacksparrow/safe-eval/issues/27 https://github.com/hacksparrow/safe-eval/issues/31 https://github.com/hacksparrow/safe-eval/issues/32 https://github.com/hacksparrow/safe-eval/issues/33 https://github.com/hacksparrow/safe-eval/issues/34 https://github.com/hacksparrow/safe-eval/issues/35 https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-3373064 • CWE-265: Privilege Issues CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •