Description
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4.
References (3)
Core 3
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j
Issue Tracking x_refsource_misc
https://github.com/wasmerio/wasmer/issues/4267
Scores
CVSS v3
8.4
EPSS
0.0060
EPSS Percentile
44.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (2)
crates.io/wasmer-cli
3.0.0 - 4.2.4crates.io
wasmer/wasmer
3.0.0 - 4.2.4
Published
Dec 22, 2023
Tracked Since
Feb 18, 2026