CVE-2021-23555 — Vulnetix

CVE-2021-23555 PUBLISHED CVSS 9.8 CRITICAL

Reported by snyk · Published February 11, 2022

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine.

Risk Scores

CVSS v3.1

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

Affected Products

Vendor	Product	Versions
n/a	vm2	unspecified
npm	vm2	0
n/a	vm2	,

Timeline

Feb 11, 2022 CVE Published
Feb 13, 2022 EPSS Score
Feb 22, 2022 CVE Updated
Feb 23, 2022 EPSS Score
Apr 6, 2022 EPSS Score
Jul 21, 2022 EPSS Score
Sep 11, 2022 EPSS Score
Nov 2, 2022 EPSS Score
Dec 24, 2022 EPSS Score
Feb 14, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 30, 2023 EPSS Score

References

x_refsource_MISC
x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-23555 advisory
https://github.com/advisories/GHSA-6pw2-5hjv-9pf7 advisory

Open in Interactive Console →