CVE-2021-23555

Critical

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during…

snyk·CWE-1321·Published 2022-02-11

CVSS

9.8

EPSS

0.03

KEV

Exploits

cve.orgen

232 chars

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.

NVDen

232 chars

OSV.deven

232 chars

GHSAen

232 chars

NVDes

303 chars

El paquete vm2 versiones anteriores a 3.9.6, es vulnerable a una Omisión de Sandbox por medio del acceso directo a los objetos de error del host generados por los internos del nodo durante la generación de un stacktrace, lo que puede conllevar a una ejecución de código arbitrario en la máquina del host

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H