CVE-2023-37466
Weakness (CWE)
CVSS Vector (v3.1)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Description
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. Version 3.10.0 contains a patch for the issue.
Comprehensive Technical Analysis of CVE-2023-37466 (vm2 Sandbox Escape Vulnerability)
1. Vulnerability Assessment and Severity Evaluation
CVE ID: CVE-2023-37466
CVSS Score: 9.8 (Critical) – AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector Breakdown:
- Attack Vector (AV:N): Network-exploitable (remote attack surface).
- Attack Complexity (AC:L): Low (no special conditions required).
- Privileges Required (PR:N): None (unauthenticated exploitation).
- User Interaction (UI:N): None (fully automated exploitation).
- Scope (S:U): Unchanged (impact confined to the vulnerable component).
- Confidentiality (C:H), Integrity (I:H), Availability (A:H): High impact across all three security objectives.
Severity Justification
This vulnerability is critical due to:
- Remote Code Execution (RCE) potential – Allows attackers to escape the vm2 sandbox and execute arbitrary code on the host system.
- Low attack complexity – No authentication or user interaction required.
- Widespread impact – vm2 is a popular Node.js sandboxing library used in security-sensitive environments (e.g., serverless functions, API gateways, and untrusted code execution platforms).
- Discontinued maintenance – The project is no longer supported, increasing long-term risk for unpatched deployments.
2. Potential Attack Vectors and Exploitation Methods
Root Cause Analysis
The vulnerability stems from insufficient sanitization of `Promise` handlers in vm2 versions ≤ 3.9.19. Specifically:
- The `@@species` accessor property (the well-known JavaScript symbol `Symbol.species`) can be manipulated to bypass sandbox restrictions.
- Attackers can override the `Promise` constructor's species property, leading to prototype pollution and sandbox escape.
- Once the sandbox is bypassed, arbitrary JavaScript execution occurs in the host Node.js environment, enabling RCE.
Exploitation Steps
- Trigger a `Promise` in the sandbox (e.g., via `Promise.resolve()` or `new Promise()`).
- Override `@@species` to point to a malicious function: `Promise.prototype.constructor = { [Symbol.species]: function() { return function() { /* Malicious payload */ }; } };`
- Force the sandbox to use the tampered `Promise`, leading to code execution outside the sandbox.
- Execute arbitrary commands (e.g., `require('child_process').exec('malicious_command')`).
Proof-of-Concept (PoC) Exploit
A working exploit has been demonstrated in the wild, leveraging:
```javascript
const { VM } = require('vm2');
const vm = new VM();
vm.run(`
  Promise.prototype.constructor = {
    [Symbol.species]: function() {
      return function() {
        return require('child_process').execSync('id').toString();
      };
    }
  };
  new Promise(() => {}).then(() => {});
`);
```
Result: The `id` command executes on the host system, proving sandbox escape.
Attack Scenarios
- Serverless Functions (AWS Lambda, Cloudflare Workers): Untrusted code execution in sandboxed environments.
- API Gateways & Microservices: Malicious payloads in user-submitted scripts.
- CI/CD Pipelines: Sandboxed script execution in build environments.
- Web Applications: User-uploaded JavaScript running in isolated contexts.
3. Affected Systems and Software Versions
Vulnerable Versions
- vm2 ≤ 3.9.19 (all prior versions are affected).
- Fixed in: vm2 v3.10.0 (released July 14, 2023).
Dependent Systems at Risk
- Node.js applications using vm2 for sandboxing.
- Serverless platforms (e.g., AWS Lambda, Google Cloud Functions) that rely on vm2 for isolation.
- Security tools (e.g., malware analysis sandboxes, code execution engines).
- CI/CD pipelines (e.g., GitHub Actions, GitLab CI) that execute untrusted scripts.
Detection Methods
- Static Analysis: Check `package.json` or `node_modules` for `vm2` versions ≤ 3.9.19.
- Dynamic Analysis: Monitor for unusual `Promise`-related behavior in sandboxed environments.
- Network Inspection: Look for exploit attempts targeting vm2 endpoints (e.g., API calls with malicious `Promise` payloads).
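The static check above, as an added example that is not from the advisory or the vm2 project: a Node.js script that walks an npm `package-lock.json` (lockfile v2/v3 `packages` map) and flags every installed copy of vm2 below the fixed version 3.10.0, including transitive copies nested under other dependencies. The sample lockfile and the `some-plugin` dependency in it are constructed for illustration; pass a real lockfile path as the first argument to scan a project.

```javascript
// Added example, not from the advisory or the vm2 project: find vulnerable
// vm2 installs (< 3.10.0, i.e. <= 3.9.19) in an npm lockfile v2/v3.
const FIXED_VERSION = "3.10.0"; // first vm2 release with the fix

// Parse "major.minor.patch" into numbers (pre-release/build suffixes ignored).
// Plain string comparison would be wrong: "3.10.0" sorts before "3.9.19".
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${pa ? b : a}`);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

function isVulnerableVm2(version) {
  return compareSemver(version, FIXED_VERSION) < 0;
}

// Walk every installed path in the lockfile's "packages" map and report vm2
// copies below the fix, including nested ones (node_modules/x/node_modules/vm2).
function findVulnerableVm2(lockfile) {
  const findings = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (!path.endsWith("node_modules/vm2") || !entry.version) continue;
    if (isVulnerableVm2(entry.version)) findings.push({ path, version: entry.version });
  }
  return findings;
}

// Constructed sample: a patched direct vm2 plus a vulnerable transitive copy
// pulled in by a hypothetical plugin dependency.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.10.0" },
    "node_modules/some-plugin": { version: "2.1.0" },
    "node_modules/some-plugin/node_modules/vm2": { version: "3.9.19" },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  const lock = process.argv[2]
    ? JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"))
    : SAMPLE_LOCKFILE;
  for (const f of findVulnerableVm2(lock)) console.log(`VULNERABLE ${f.path} vm2@${f.version}`);
}
```

The nested copy is the one `npm ls vm2` users most often miss; a direct upgrade of the top-level dependency does not remove it.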
4. Recommended Mitigation Strategies
Immediate Actions
- Upgrade to vm2 v3.10.0+ (or later, if available): `npm install vm2@latest`
- Isolate vm2-based applications in a dedicated, least-privilege environment (e.g., containers with strict seccomp policies).
- Disable vm2 in production if possible, given its end-of-life (EOL) status.
Long-Term Mitigations
| Mitigation | Description | Effectiveness |
|---|---|---|
| Replace vm2 with alternatives | Use isolated-vm, QuickJS, or Deno for sandboxing. | High |
| Network Segmentation | Restrict access to vm2-dependent services. | Medium |
| Runtime Application Self-Protection (RASP) | Deploy RASP solutions to detect sandbox escapes. | Medium |
| Code Signing & Integrity Checks | Verify untrusted code before execution. | Medium |
| Container Hardening | Use gVisor, Firecracker, or Kata Containers for stronger isolation. | High |
Workarounds (If Upgrade is Not Possible)
- Disable `Promise` in sandboxed code (if feasible).
- Use a custom `Promise` wrapper to block `@@species` manipulation.
- Implement strict CSP (Content Security Policy) to limit script execution.
5. Impact on the Cybersecurity Landscape
Broader Implications
- Increased Risk in Serverless Architectures: Many cloud providers and DevOps tools rely on vm2 for isolation, making them prime targets.
- Supply Chain Attacks: Malicious npm packages could exploit this vulnerability to compromise downstream applications.
- EOL Software Risks: The discontinuation of vm2 means no future security patches, increasing long-term exposure.
- Exploit Availability: Public PoCs and Metasploit modules may emerge, lowering the barrier for attackers.
Industry Response
- CISA (Cybersecurity & Infrastructure Security Agency) has listed this CVE in its Known Exploited Vulnerabilities (KEV) catalog.
- GitHub Security Lab has issued advisories urging immediate upgrades.
- Cloud Providers (AWS, Google Cloud, Azure) have updated their security bulletins to warn users.
6. Technical Details for Security Professionals
Deep Dive: Sandbox Escape Mechanism
- JavaScript `Promise` and `@@species`
  - The `@@species` symbol allows overriding the constructor used when creating derived objects (e.g., `Promise` subclasses).
  - By default, `Promise[Symbol.species]` returns the `Promise` constructor, but it can be maliciously overridden.
- vm2's Sanitization Failure
  - vm2 attempts to block access to dangerous JavaScript properties (e.g., `process`, `require`).
  - However, it fails to sanitize `@@species`, allowing attackers to redefine `Promise` behavior.
- Exploitation Flow
  - Attacker submits code that modifies `Promise.prototype.constructor[Symbol.species]`.
  - When a `Promise` is resolved/rejected, the malicious constructor executes outside the sandbox.
  - The attacker gains full Node.js runtime access, enabling RCE.
Detection & Forensics
- Log Analysis: Look for unusual `Promise`-related errors or unexpected `require()` calls in sandboxed code.
- Memory Forensics: Check for prototype pollution in heap snapshots.
- Network Traffic: Monitor for outbound connections from sandboxed environments (indicative of RCE).
Exploit Chaining Potential
- Combined with SSRF: Attackers could use vm2 RCE to pivot into internal networks.
- Cryptojacking: Malicious scripts could deploy cryptominers on compromised hosts.
- Data Exfiltration: Sensitive files (e.g., `~/.aws/credentials`) could be stolen.
Conclusion & Recommendations
Key Takeaways
- CVE-2023-37466 is a critical sandbox escape vulnerability in vm2, enabling unauthenticated RCE.
- Exploitation is trivial due to public PoCs and low attack complexity.
- The project is EOL, meaning no future patches—migration to alternatives is strongly recommended.
Action Plan for Security Teams
- Patch Immediately: Upgrade to vm2 v3.10.0+ or migrate to a supported sandboxing solution.
- Audit Dependencies: Identify all applications using vm2 and assess risk.
- Harden Environments: Implement container isolation, RASP, and network segmentation.
- Monitor for Exploits: Deploy IDS/IPS rules to detect vm2-related attacks.
- Plan for Deprecation: Replace vm2 with modern alternatives (e.g., isolated-vm, Deno, or WebAssembly-based sandboxes).
Final Risk Assessment
| Factor | Risk Level | Justification |
|---|---|---|
| Exploitability | High | Public PoCs, low complexity |
| Impact | Critical | Full RCE, high confidentiality/integrity/availability impact |
| Remediation Difficulty | Medium | Upgrade available, but EOL status complicates long-term security |
| Likelihood of Exploitation | High | Active scanning for vulnerable instances |
Recommendation: Treat this as a top-priority vulnerability and eliminate vm2 from production environments as soon as possible.