PT-2023-2417 · Vm2 · Vm2
Seunghyun Lee +1 · Published 2023-04-17 · Updated 2026-05-06 · CVE-2023-30547
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
vm2 versions up to 3.9.16
Description
The issue exists due to inadequate sanitization of special elements in the handleException() function of the vm2 library, allowing a remote attacker to escape the sandbox and execute arbitrary code in the host context. This can be achieved by raising an unsanitized host exception inside the handleException() function.
Recommendations
For versions up to 3.9.16, upgrade to version 3.9.17 or later to resolve the issue.
As a temporary workaround, consider disabling the handleException() function until a patch is available.
Exploit
Fix
Special Elements Injection
Weakness Enumeration
Related Identifiers
Affected Products
Vm2