CVE-2023-29017 — vm2 vulnerable to sandbox escape

Description

vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. - vm2 version: ~3.9.14 - Node version: 18.15.0, 19.8.1, 17.9.1 ### Impact A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. ### Patches This vulnerability was patched in the release of version `3.9.15` of `vm2`. ### Workarounds None.

How to fix CVE-2023-29017

To remediate CVE-2023-29017, upgrade the affected package to a fixed version below.

—upgrade to 3.9.15 or later

Is CVE-2023-29017 being exploited?

Likely — EPSS is 75.0%, placing CVE-2023-29017 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

from 0, < 3.9.15

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-29017
PATCHgithub.com/patriksimek/vm2
WEBgist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d
WEBgithub.com/patriksimek/vm2/commit/d534e5785f38307b70d3aac1945260a261a94d50
WEB