CVE-2023-29017

CRITICAL

vm2 <3.9.15 - RCE

Description

vm2 is a sandbox that can run untrusted code with whitelisted Node.js built-in modules. Prior to version 3.9.15, vm2 did not properly handle host objects passed to `Error.prepareStackTrace` in the case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.

Exploits (4)

nomisec WORKING POC 2 stars
by timb-machine-mirrors · poc
https://github.com/timb-machine-mirrors/seongil-wi-CVE-2023-29017
github WORKING POC
by GabrieleDattile · python · poc
https://github.com/GabrieleDattile/cve-pocs/tree/main/CVE/CVE-2023-29017
nomisec WORKING POC
by passwa11 · poc
https://github.com/passwa11/CVE-2023-29017-reverse-shell

Scores

CVSS v3 10.0
EPSS 0.7540
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE CWE-913
Status published
Products (2)
npm/vm2 0 - 3.9.15 (npm)
vm2_project/vm2 < 3.9.15
Published Apr 06, 2023
Tracked Since Feb 18, 2026