icon

We found results for “

CVE-2023-29199

Good to know:

icon
icon

Date: April 14, 2023

There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass "handleException()" and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version "3.9.16" of "vm2".

Language: JS

Severity Score

Severity Score

Weakness Type (CWE)

Improper Control of Dynamically-Managed Code Resources

CWE-913

Top Fix

icon

Upgrade Version

Upgrade to version vm2 - 3.9.16

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us