CVSS: 10.0EPSS: 14%CPEs: 1EXPL: 2CVE-2023-37466 – vm2 Sandbox Escape vulnerability
https://notcve.org/view.php?id=CVE-2023-37466
13 Jul 2023 — vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. vm2 es una máquina virtual/sandbox avanzada para Node.js. La librer... • https://packetstorm.news/files/id/177623 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37274 – Python code execution sandbox escape in non-docker version in Auto-GPT
https://notcve.org/view.php?id=CVE-2023-37274
13 Jul 2023 — Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which should not have access to any files outside of the Auto-GPT workspace directory. Before v0.4.3, the `execute_python_code` command (introduced in v0.4.1) does not sanitize the `basename` arg before writing LLM-suppl... • https://github.com/Significant-Gravitas/Auto-GPT/pull/4756 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-37271 – RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
https://notcve.org/view.php?id=CVE-2023-37271
11 Jul 2023 — RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and... • https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25136
https://notcve.org/view.php?id=CVE-2019-25136
19 Jun 2023 — A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. • https://bugzilla.mozilla.org/show_bug.cgi?id=1530709 •
CVSS: 8.6EPSS: 2%CPEs: 8EXPL: 0CVE-2023-32409 – Apple Multiple Products WebKit Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2023-32409
30 May 2023 — The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. macOS Ventura 13.4 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. Apple iOS, iPadOS, macOS, tvOS, ... • https://support.apple.com/en-us/HT213757 •
CVSS: 10.0EPSS: 51%CPEs: 1EXPL: 2CVE-2023-32314 – Sandbox Escape
https://notcve.org/view.php?id=CVE-2023-32314
15 May 2023 — A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. • https://github.com/AdarkSt/Honeypot_Smart_Infrastructure • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2136 – Google Chrome Skia Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-2136
19 Apr 2023 — Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. ... Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 77%CPEs: 1EXPL: 6CVE-2023-30547 – Sandbox Escape in vm2
https://notcve.org/view.php?id=CVE-2023-30547
17 Apr 2023 — vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade. • https://github.com/rvizx/CVE-2023-30547 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 28%CPEs: 1EXPL: 1CVE-2023-29199 – vm2 Sandbox escape vulnerability
https://notcve.org/view.php?id=CVE-2023-29199
14 Apr 2023 — There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`. A flaw was found in the vm2 s... • https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c • CWE-755: Improper Handling of Exceptional Conditions CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 8CVE-2023-26122
https://notcve.org/view.php?id=CVE-2023-26122
11 Apr 2023 — All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. ... All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. • https://gist.github.com/seongil-wi/2db6cb884e10137a93132b7f74879cce • CWE-265: Privilege Issues CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •