CVE-2022-36067

Description from NVD

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.

Information Acquisition Date: 2022-10-11T14:56Z
CVSS 2.0: 0.0 None
CVSS 3.x: 10.0 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

NVD References

https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164
    source: MISC
    tags: Patch, Third Party Advisory
https://github.com/patriksimek/vm2/issues/467
    source: MISC
    tags: Issue Tracking, Third Party Advisory
https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71
    source: MISC
    tags: Exploit, Third Party Advisory
https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq
    source: CONFIRM
    tags: Patch, Third Party Advisory

Refer to Information on External Sites

CVE Information: mitre, NVD, vulmon.com, CVE Details, JVN (ENG / JPN)
Exploits or more Information: EXPLOIT DATABASE, 0day.today, github, Twitter, Reconshell

Software Tag: Java (1 tweet)



List of frequently cited URLs

URL                                                             Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...  158
https://cvetrends.com                                           50
https://lists.astaro.com/ASGV9-IPS-rules.html#0                 16
https://security.sios.com/vulnerability/misc-security-vulne...  13
https://thehackernews.com/2022/10/researchers-detail-critic...  7
https://noticiasseguridad.com/vulnerabilidades/se-descubre-...  6
https://twitter.com/kmkz_security/status/1597431127400419328    3
https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2...  3
https://tweetedtimes.com/jefstratiou?s=tnp                      3
https://www.helpnetsecurity.com/2022/10/10/cve-2022-36067       3

Information from Twitter

User       URL                                                             Info    Source     Tweet ID             Date
redeyes0x  https://redeyes0x.github.io/posts/pinkvm                        Source  redeyes0x  1635509473786707968  2023/03/14
57h        https://redeyes0x.github.io/posts/pinkvm                        Source  57h        1635510384923639809  2023/03/14
kriwarez   https://twitter.com/kriwarez/status/1647894110613667840/pho...  Source  kriwarez   1647894110613667840  2023/04/17


GitHub Search Results: Up to 10

Name    URL
No Data


Score (2023/04/17): 0
Added to Har-sia Database: 2022/09/07
Last Modified: 2023/04/17
Highest Scored Date: 2022/10/11
Highest Score: 39