There exists a vulnerability in... CVE-2023-29199
-
AV
AC
AU
C
I
A
发布:
2023-04-14
修订:
2023-04-25
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`.
漏洞利用/PoC
暂无可用Exp或PoC
受影响的平台与产品
当前有1条受影响产品信息
