CVE-2021-23555
published 2022-02-11CVE-2021-23555: The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a…
PriorityP356critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.70%
84.0th percentile
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vm2_project | vm2 | < 3.9.6 | 3.9.6 |
| vm2_project | vm2 | >= 0 < 3.9.6 | 3.9.6 |
| vm2_project | vm2 | >= unspecified < 3.9.6 | 3.9.6 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
vm2: vulnerable to Sandbox Bypass
vendor_redhat·2022-02-11·CVSS 9.8
CVE-2021-23555 [CRITICAL] CWE-562 vm2: vulnerable to Sandbox Bypass
vm2: vulnerable to Sandbox Bypass
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
A flaw was found in vm2, where the sandbox can be bypassed via direct access to host error objects generated by node internals during the generation of stack traces. This flaw allows an attacker to execute arbitrary code on the host machine.
Package: rhacm2/console-rhel8 (Red Hat Advanced Cluster Management for Kubernetes 2) - Affected
GHSA
Sandbox bypass in vm2
ghsa·2022-02-12
CVE-2021-23555 [CRITICAL] CWE-1321 Sandbox bypass in vm2
Sandbox bypass in vm2
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
OSV
Sandbox bypass in vm2
osv·2022-02-12
CVE-2021-23555 [CRITICAL] Sandbox bypass in vm2
Sandbox bypass in vm2
The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-02-11
Published