Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4.
References
Link | Resource |
---|---|
https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3c | Patch |
https://github.com/wasmerio/wasmer/issues/4267 | Issue Tracking |
https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-22T14:54:23.103Z
Updated: 2023-12-22T14:54:23.103Z
Reserved: 2023-12-21T14:14:26.224Z
Link: CVE-2023-51661
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-22T15:15:08.377
Modified: 2024-01-03T03:03:04.737
Link: CVE-2023-51661
JSON object: View
Redhat Information
No data.
CWE