Description
### NVD
> vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
### GitHub
> vm2 Sandbox Escape vulnerability
>
> A sandbox escape vulnerability exists in vm2 for versions up to 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`.
>
> ### Impact
> A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.
>
> ### Patches
> This vulnerability was patched in the release of version `3.9.18` of `vm2`.
>
> ### Workarounds
> None.
>
> ### References
> PoC - https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac
>
> ### For more information
>
> If you have any questions or comments about this advisory:
>
> - Open an issue in [VM2](https://github.com/patriksimek/vm2)
>
> Thanks to @arkark (Takeshi Kaneko) of GMO Cybersecurity by Ierae, Inc. for disclosing this vulnerability.
CVSS details - 10
|CVSS3 metrics||
|:-|:-|
|Attack Vector|**Network**|
|Attack Complexity|**Low**|
|Privileges Required|**None**|
|User interaction|**None**|
|Scope|**Changed**|
|Confidentiality|**High**|
|Integrity|**High**|
|Availability|**High**|
References
[vm2 Sandbox Escape vulnerability · CVE-2023-32314 · GitHub Advisory Database · GitHub](https://github.com/advisories/GHSA-whpj-8f3w-67p5)
[NVD - CVE-2023-32314](https://nvd.nist.gov/vuln/detail/CVE-2023-32314)
[Release 3.9.18 · patriksimek/vm2 · GitHub](https://github.com/patriksimek/vm2/releases/tag/3.9.18)
[Sandbox Escape in vm2@3.9.17 - CVE-2023-32314 · GitHub](https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac)
[Sandbox Escape · Advisory · patriksimek/vm2 · GitHub](https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5)
[Ensure host array does not leak through proxy · patriksimek/vm2@d88105f · GitHub](https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf)
CVE-2023-32314
Related information
:pushpin: Remember! Check the changes to ensure they don't introduce any breaking changes.
:books: Read more about the CVE