OS2iot / OS2iot-backend

This repository contains the backend to the project OS2iot.
Mozilla Public License 2.0

Fix CVE-2023-32314 #214

Closed debricked[bot] closed 1 year ago

debricked[bot] commented 1 year ago

CVE-2023-32314

Vulnerability details

Description

### NVD

> vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

### GitHub

> vm2 Sandbox Escape vulnerability
>
> A sandbox escape vulnerability exists in vm2 for versions up to 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`.
>
> ### Impact
> A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.
>
> ### Patches
> This vulnerability was patched in the release of version `3.9.18` of `vm2`.
>
> ### Workarounds
> None.
>
> ### References
> PoC - https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac
>
> ### For more information
>
> If you have any questions or comments about this advisory:
>
> - Open an issue in [VM2](https://github.com/patriksimek/vm2)
>
> Thanks to @arkark (Takeshi Kaneko) of GMO Cybersecurity by Ierae, Inc. for disclosing this vulnerability.

CVSS details - 10

|CVSS3 metrics||
|:-|:-|
|Attack Vector|**Network**|
|Attack Complexity|**Low**|
|Privileges Required|**None**|
|User interaction|**None**|
|Scope|**Changed**|
|Confidentiality|**High**|
|Integrity|**High**|
|Availability|**High**|

References

- [vm2 Sandbox Escape vulnerability · CVE-2023-32314 · GitHub Advisory Database · GitHub](https://github.com/advisories/GHSA-whpj-8f3w-67p5)
- [NVD - CVE-2023-32314](https://nvd.nist.gov/vuln/detail/CVE-2023-32314)
- [Release 3.9.18 · patriksimek/vm2 · GitHub](https://github.com/patriksimek/vm2/releases/tag/3.9.18)
- [Sandbox Escape in vm2@3.9.17 - CVE-2023-32314 · GitHub](https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac)
- [Sandbox Escape · Advisory · patriksimek/vm2 · GitHub](https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5)
- [Ensure host array does not leak through proxy · patriksimek/vm2@d88105f · GitHub](https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf)

Related information

:pushpin: Remember! Check the changes to ensure they don't introduce any breaking changes.
:books: Read more about the CVE

ramogens commented 1 year ago

This fix has already been done in v1.5.1, so I'm closing.