How can an attacker exploit GHSA-22rr-f3p8-5gf8?

Attackers can exploit GHSA-22rr-f3p8-5gf8 by leveraging the bypassed Promise handler sanitization in vm2 to escape the sandbox and execute arbitrary code.

How does GHSA-22rr-f3p8-5gf8 affect Directus?

In Directus, GHSA-22rr-f3p8-5gf8 specifically impacts the "Run Script" operation in flows, allowing the execution of code in the main Node.js context.

What is the severity of GHSA-22rr-f3p8-5gf8?

The severity of GHSA-22rr-f3p8-5gf8 is high with a CVSS score of 7.6.

How can I fix GHSA-22rr-f3p8-5gf8?

To fix GHSA-22rr-f3p8-5gf8, update vm2 to version 3.9.20 or higher in Directus.

vuln-group

GHSA-22rr-f3p8-5gf8

Q: What is the impact of GHSA-22rr-f3p8-5gf8?

The impact is that in vm2 versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code in the main Node.js context in Directus.

Severity: high (7.6)

First published: Fri Sep 15 2023

Last modified: Mon Sep 18 2023

### Impact In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code. Within Directus this applies to the "Run Script" operation in flows being able to escape the sandbox running code in the main nodejs context. ### Patches Patched in v10.6.0 by replacing `vm2` with `isolated-vm` ### Workarounds None ### References https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5

Any of

npm/directus
<10.6.0
fixed in: 10.6.0

FAQ

What is the impact of GHSA-22rr-f3p8-5gf8?
The impact is that in vm2 versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code in the main Node.js context in Directus.
How can an attacker exploit GHSA-22rr-f3p8-5gf8?
Attackers can exploit GHSA-22rr-f3p8-5gf8 by leveraging the bypassed Promise handler sanitization in vm2 to escape the sandbox and execute arbitrary code.
How does GHSA-22rr-f3p8-5gf8 affect Directus?
In Directus, GHSA-22rr-f3p8-5gf8 specifically impacts the "Run Script" operation in flows, allowing the execution of code in the main Node.js context.
What is the severity of GHSA-22rr-f3p8-5gf8?
The severity of GHSA-22rr-f3p8-5gf8 is high with a CVSS score of 7.6.
How can I fix GHSA-22rr-f3p8-5gf8?
To fix GHSA-22rr-f3p8-5gf8, update vm2 to version 3.9.20 or higher in Directus.

Reference Links

collector/github-advisory-latest
alias/GHSA-22rr-f3p8-5gf8
collector/github-advisory
package-manager/npm

FAQ

What is the impact of GHSA-22rr-f3p8-5gf8?
The impact is that in vm2 versions up to 3.9.19, Promise handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code in the main Node.js context in Directus.
How can an attacker exploit GHSA-22rr-f3p8-5gf8?
Attackers can exploit GHSA-22rr-f3p8-5gf8 by leveraging the bypassed Promise handler sanitization in vm2 to escape the sandbox and execute arbitrary code.
How does GHSA-22rr-f3p8-5gf8 affect Directus?
In Directus, GHSA-22rr-f3p8-5gf8 specifically impacts the "Run Script" operation in flows, allowing the execution of code in the main Node.js context.
What is the severity of GHSA-22rr-f3p8-5gf8?
The severity of GHSA-22rr-f3p8-5gf8 is high with a CVSS score of 7.6.
How can I fix GHSA-22rr-f3p8-5gf8?
To fix GHSA-22rr-f3p8-5gf8, update vm2 to version 3.9.20 or higher in Directus.

GHSA-22rr-f3p8-5gf8

Any of

FAQ

What is the impact of GHSA-22rr-f3p8-5gf8?

How can an attacker exploit GHSA-22rr-f3p8-5gf8?

How does GHSA-22rr-f3p8-5gf8 affect Directus?

What is the severity of GHSA-22rr-f3p8-5gf8?

How can I fix GHSA-22rr-f3p8-5gf8?

Reference Links

Navigation

FAQ

What is the impact of GHSA-22rr-f3p8-5gf8?

How can an attacker exploit GHSA-22rr-f3p8-5gf8?

How does GHSA-22rr-f3p8-5gf8 affect Directus?

What is the severity of GHSA-22rr-f3p8-5gf8?

How can I fix GHSA-22rr-f3p8-5gf8?