CVE-2023-37903
CVSS 3.1 Score 10.0 of 10 (high)
Details
Published Jul 21, 2023
Updated: Feb 1, 2024
CWE ID 78
Summary
CVE-2023-37903 is a vulnerability affecting vm2, an open source Node.js vm/sandbox, in versions up to and including 3.9.19. The flaw lies in the handling of the Node.js custom inspect function, which lets attackers escape the sandbox and execute arbitrary code. An attacker who can already run arbitrary code inside the vm2 sandbox can use this to achieve remote code execution. There are currently no patches or workarounds for this vulnerability, so users are advised to consider alternative software to mitigate the risk.