CVE-2023-29017 PoC — vm2 security vulnerability

Associated Vulnerability
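Title: vm2 security vulnerability (CVE-2023-29017)
Description: vm2 is an advanced virtual machine/sandbox for Node.js, developed by Patrik Simek, an individual developer from the Czech Republic. It runs untrusted code using whitelisted Node built-in modules. Versions of vm2 before 3.9.15 contain a security vulnerability that stems from vm2 not properly handling host objects passed in when an unhandled asynchronous error occurs. An attacker can exploit this vulnerability to bypass the sandbox protection and execute remote code.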
Description
Clone from gist
File Snapshot

[4.0K] /data/pocs/e1b8769aee7b5f05dcccb68ed2b59c7f4eff6d48
├── [ 306] vm2_3.9.14_exploit_1.js
└── [ 304] vm2_3.9.14_exploit_2.js

0 directories, 2 files