CVE-2022-36067

CRITICAL

vm2 <3.9.11 - RCE

Title source: llm

Description

vm2 is a sandbox that can run untrusted code with whitelisted Node.js built-in modules. In versions prior to 3.9.11, a threat actor can bypass the sandbox protections and gain remote code execution on the host running the sandbox. The vulnerability was patched in vm2 version 3.9.11. There are no known workarounds.

Exploits (2)

nomisec WORKING POC 7 stars
by Prathamrajgor · poc
https://github.com/Prathamrajgor/Exploit-For-CVE-2022-36067

nomisec WORKING POC 2 stars
by 0x1nsomnia · poc
https://github.com/0x1nsomnia/CVE-2022-36067-vm2-POC-webapp

Scores

CVSS v3 10.0
EPSS 0.8252
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE CWE-913
Status published
Products (2)
npm/vm2 0 - 3.9.11 (npm)
vm2_project/vm2 < 3.9.11
Published Sep 06, 2022
Tracked Since Feb 18, 2026