Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
isolated-vm has vulnerable CachedDataOptions in API
Vulnerability Description
isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept `cachedData` payloads from a user.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
保护机制失效
Vulnerability Title
Marcel Laverdet isolated-vm 安全漏洞
Vulnerability Description
Marcel Laverdet isolated-vm是Marcel Laverdet开源的一个应用程序。用于nodejs的库,可访问v8的Isolate界面。 Marcel Laverdet isolated-vm 4.3.6版本及之前版本存在安全漏洞,该漏洞源于允许用户访问 v8 的 Isolate 接口,攻击者利用该漏洞可以绕过沙箱并在 nodejs 进程中运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A