Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
- https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244
- https://github.com/patriksimek/vm2/security/advisories/GHSA-ch3r-j5x3-6q2m
- https://github.com/Af7eR9l0W/HTB-Codify
- https://github.com/Cur1iosity/CVE-2023-30547
- https://github.com/Maladra/Write-Up-Codify
- https://github.com/jakabakos/vm2-sandbox-escape-exploits
- https://github.com/junnythemarksman/CVE-2023-30547
- https://github.com/karimhabush/cyberowl
- https://github.com/lyj3475/node-red-contrib-opcua-xlabserver
- https://github.com/mrhenrike/Hacking-Cheatsheet
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/okostine-panw/pc_scripts
- https://github.com/rvizx/CVE-2023-30547
- https://github.com/user0x1337/CVE-2023-30547
- https://github.com/w181496/Web-CTF-Cheatsheet