CVE-2021-23555 - OpenCVE

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Vm2 Project	Vm2

Configuration 1 [-]

cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4d	Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JS-VM2-2309905	Exploit Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2022-02-11T00:00:00

Updated: 2022-02-11T20:00:14

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23555

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-11T20:15:07.440

Modified: 2022-02-22T20:12:04.073

Link: CVE-2021-23555

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "vm2", "vendor": "n/a", "versions": [{"lessThan": "3.9.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Cris Staicu"}, {"lang": "en", "value": "Abdullah Alhamdan"}], "datePublic": "2022-02-11T00:00:00", "descriptions": [{"lang": "en", "value": "The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 9.3, "temporalSeverity": "CRITICAL", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Sandbox Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-11T20:00:14", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-VM2-2309905"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4d"}], "title": "Sandbox Bypass", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2022-02-11T20:00:01.307277Z", "ID": "CVE-2021-23555", "STATE": "PUBLIC", "TITLE": "Sandbox Bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "vm2", "version": {"version_data": [{"version_affected": "<", "version_value": "3.9.6"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Cris Staicu"}, {"lang": "eng", "value": "Abdullah Alhamdan"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Sandbox Bypass"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-VM2-2309905", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-VM2-2309905"}, {"name": "https://github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4d", "refsource": "MISC", "url": "https://github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4d"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2021-23555", "datePublished": "2022-02-11T00:00:00", "dateReserved": "2021-01-08T00:00:00", "dateUpdated": "2022-02-11T20:00:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "A38F3A2F-5314-4E50-8F41-A5065487B64B", "versionEndExcluding": "3.9.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine."}, {"lang": "es", "value": "El paquete vm2 versiones anteriores a 3.9.6, es vulnerable a una Omisi\u00f3n de Sandbox por medio del acceso directo a los objetos de error del host generados por los internos del nodo durante la generaci\u00f3n de un stacktrace, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario en la m\u00e1quina del host"}], "id": "CVE-2021-23555", "lastModified": "2022-02-22T20:12:04.073", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2022-02-11T20:15:07.440", "references": [{"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/patriksimek/vm2/commit/532120d5cdec7da8225fc6242e154ebabc63fe4d"}, {"source": "report@snyk.io", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-VM2-2309905"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}