Xion

Name of the Vulnerable Software and Affected Versions: Node.js versions 20 through 21 Description: The issue is related to the experimental permission model in Node.js, where user-defined implementations can overwrite built-in utility functions used to normalize paths provided to node:fs functions. This can lead to a filesystem permission model bypass through a path traversal attack. The vulnerability affects users of the experimental permission model in the specified Node.js versions. Recommendations: For Node.js versions 20 through 21, consider disabling the experimental permission model until a patch is available. Restrict access to node:fs functions to minimize the risk of exploitation. Avoid using user-defined implementations for path normalization until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vm2 versions prior to 3.10.0 **Description** vm2 is an advanced sandbox for Node.js. A flaw in the sanitization of the `Promise` handler allows the `@@species` accessor property to be bypassed. This enables attackers who already have arbitrary code execution primitives within the sandbox context to escape the isolated environment and execute arbitrary code on the host system, potentially leading to remote code execution. The project maintenance has been discontinued, and the library is not recommended for production use. **Recommendations** Update to version 3.10.0.

**Name of the Vulnerable Software and Affected Versions** vm2 versions up to 3.9.16 **Description** The issue exists due to inadequate sanitization of special elements in the `handleException()` function of the vm2 library, allowing a remote attacker to escape the sandbox and execute arbitrary code in the host context. This can be achieved by raising an unsanitized host exception inside the `handleException()` function. **Recommendations** For versions up to 3.9.16, upgrade to version 3.9.17 or later to resolve the issue. As a temporary workaround, consider disabling the `handleException()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** vm2 versions up to 3.9.15 **Description** The issue is related to the source code transformer's exception sanitization logic in vm2, allowing attackers to bypass the `handleException()` function and leak unsanitized host exceptions. This can be used to escape the sandbox and run arbitrary code in the host context, giving a threat actor remote code execution rights on the host running the sandbox. **Recommendations** For versions up to 3.9.15, update to version 3.9.16 to patch the vulnerability. As a temporary workaround, consider disabling the `handleException()` function until a patch is available. Restrict access to the vm2 sandbox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Redis versions prior to 7.0.8 Redis versions prior to 6.2.9 Redis versions prior to 6.0.17 **Description** The issue is related to an integer overflow when processing objects, which can be triggered by authenticated users issuing specially crafted `SETRANGE` and `SORT( RO)` commands. This can cause the database to attempt to allocate large amounts of memory, leading to an out-of-memory panic. There are no known workarounds for this issue. **Recommendations** For versions prior to 7.0.8, upgrade to version 7.0.8 or later. For versions prior to 6.2.9, upgrade to version 6.2.9 or later. For versions prior to 6.0.17, upgrade to version 6.0.17 or later.

**Name of the Vulnerable Software and Affected Versions** Redis versions 7.0.0 through 7.0.4 **Description** The issue is related to an integer overflow when handling the `COUNT` argument in the `XAUTOCLAIM` command on a stream key in a specific state. This may cause a subsequent heap overflow and potentially lead to remote code execution. The problem affects the 7.x branch and requires access to execute queries to carry out an attack. **Recommendations** For Redis versions 7.0.0 through 7.0.4, update to Redis version 7.0.5 to resolve the issue. As a temporary workaround, consider restricting access to the `XAUTOCLAIM` command to minimize the risk of exploitation. Avoid using a specially crafted `COUNT` argument in the affected command until the issue is resolved.