Critical Vulnerability in vm2 Sandbox Library

Published on 19 May 2023

vm2 has released security updates to address a critical vulnerability (CVE-2023-32314) in the vm2 sandbox library. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of this sandbox escape vulnerability could allow an attacker to bypass sandbox protections and achieve remote code execution on the host machine running the sandbox.

The vulnerability affects vm2 versions 3.9.17 and earlier.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5

https://nvd.nist.gov/vuln/detail/CVE-2023-32314

https://securityonline.info/exploit-available-for-critical-rce-cve-2023-32314-bug-in-vm2-sandbox-library/