CVE-2023-51661

Exploit

EPSS 0.6%
Veröffentlicht 22.12.2023 15:15:08
Zuletzt bearbeitet 21.11.2024 08:38:33
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Filesystem sandbox not enforced in wasmer-cli

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wasmer ≫ Wasmer SwPlatformrust Version >= 3.0.0 < 4.2.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.437

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
security-advisories@github.com	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/wasmerio/wasmer/commit/4d63febf9d8b257b0531963b85df48d45d0dbf3c

Patch

https://github.com/wasmerio/wasmer/issues/4267

Issue Tracking

https://github.com/wasmerio/wasmer/security/advisories/GHSA-4mq4-7rw3-vm5j

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-51661

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-51661

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-51661

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-51661