漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
isolated-vm has vulnerable CachedDataOptions in API
Vulnerability Description
isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept `cachedData` payloads from a user.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
保护机制失效
Vulnerability Title
Marcel Laverdet isolated-vm 安全漏洞
Vulnerability Description
Marcel Laverdet isolated-vm是Marcel Laverdet开源的一个应用程序。用于nodejs的库,可访问v8的Isolate界面。 Marcel Laverdet isolated-vm 4.3.6版本及之前版本存在安全漏洞,该漏洞源于允许用户访问 v8 的 Isolate 接口,攻击者利用该漏洞可以绕过沙箱并在 nodejs 进程中运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A