CVE-2023-29017

Description from NVD

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.

Information Acquisition Date: 2023-04-30T16:40Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://github.com/patriksimek/vm2/issues/515
     source: MISC
     tags: Exploit, Issue Tracking
 https://github.com/patriksimek/vm2/commit/d534e5785f38307b70d3aac1945260a261a94d50
     source: MISC
     tags: Patch
 https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d
     source: MISC
     tags: Exploit
 https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv
     source: MISC
     tags: Vendor Advisory


Software Tag: Java (19 tweets)



List of frequently cited URLs

URL | Num of Times Referred to
http://cyberiqs.com/latestnews | 65
https://cvetrends.com | 37
https://medium.com | 18
https://lists.astaro.com/ASGV9-IPS-rules.html#0 | 16
https://thehackernews.com/2023/04/researchers-discover-crit... | 7
https://github.com/patriksimek/vm2/security/advisories/GHSA... | 4
https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62... | 4
https://securityonline.info/cve-2023-29017-critical-rce-fla... | 4
https://twitter.com/cyber_advising/status/1645254503568998404 | 3

Information from Twitter (266)




GitHub Search Results: Up to 10
Name | URL
timb-machine-mirrors/seongil-wi-CVE-2023-29017 | https://github.com/timb-machine-mirrors/seongil-wi-CVE-2023-29017
Kaneki-hash/CVE-2023-29017-reverse-shell | https://github.com/Kaneki-hash/CVE-2023-29017-reverse-shell


2023/04/30 Score : 0
Added Har-sia Database : 2023/04/07
Last Modified : 2023/04/30
Highest Scored Date : 2023/04/19
Highest Score : 37