{"vulnerability": "CVE-2023-32314", "sightings": [{"uuid": "fed7cf8e-5362-44c0-9e9b-d32262764de9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32314", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2667", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32314\n\ud83d\udd39 Description: vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2023-05-15T19:46:32.834Z\n\ud83d\udccf Modified: 2025-01-22T21:42:31.793Z\n\ud83d\udd17 References:\n1. https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5\n2. https://github.com/patriksimek/vm2/commit/d88105f99752305c5b8a77b63ddee3ec86912daf\n3. https://gist.github.com/arkark/e9f5cf5782dec8321095be3e52acf5ac\n4. 
https://github.com/patriksimek/vm2/releases/tag/3.9.18", "creation_timestamp": "2025-01-22T22:02:32.000000Z"}, {"uuid": "8cec44db-3fd5-437e-a6b6-16735de009f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32314", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3008", "content": "Cybersecurity News - Hackers Factory \n\n\n\u200aFlaw in Telegram Gives Attackers Access to macOS Camera\n\nhttps://restoreprivacy.com/flaw-in-telegram-gives-attackers-access-to-macos-camera/\n\n\u200aStealthy MerDoor malware uncovered after five years of attacks\n\nhttps://www.bleepingcomputer.com/news/security/stealthy-merdoor-malware-uncovered-after-five-years-of-attacks/\n\n\u200aTransportation Department breach exposes data of federal employees\n\nhttps://fedscoop.com/transerve-data-breach/\n\n\u200aRansomware gang steals data of 5.8 million PharMerica patients\n\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-of-58-million-pharmerica-patients/\n\n\u200aWhatsApp now lets you lock chats with a password or fingerprint\n\nhttps://www.bleepingcomputer.com/news/security/whatsapp-now-lets-you-lock-chats-with-a-password-or-fingerprint/\n\n\u200aNovel Malware Strain, PIPEDREAM, Deployed by Russian-Linked Hackers Against US Energy Corporations\n\nhttps://latesthackingnews.com/2023/05/15/novel-malware-strain-pipedream-deployed-by-russian-linked-hackers-against-us-energy-corporations/\n\n\u200aVirusTotal AI code analysis expands Windows, Linux script support\n\nhttps://www.bleepingcomputer.com/news/security/virustotal-ai-code-analysis-expands-windows-linux-script-support/\n\n\u200aThe new info-stealing malware operations to watch out for\n\nhttps://www.bleepingcomputer.com/news/security/the-new-info-stealing-malware-operations-to-watch-out-for/\n\n\u200aPhiladelphia Inquirer operations disrupted after 
cyberattack\n\nhttps://www.bleepingcomputer.com/news/security/philadelphia-inquirer-operations-disrupted-after-cyberattack/\n\n\u200aExploit available for critical RCE (CVE-2023-32314) bug in VM2 sandbox library\n\nhttps://securityonline.info/exploit-available-for-critical-rce-cve-2023-32314-bug-in-vm2-sandbox-library/\n\n\u200aAuthentication Bypass Flaw CVE-2023-2499 in WordPress Plugin With Over 10,000 Installations\n\nhttps://securityonline.info/authentication-bypass-flaw-cve-2023-2499-in-wordpress-plugin-with-over-10000-installations/\n\n\u200aEntropyReducer: Reduce Entropy And Obfuscate Your Payload\n\nhttps://securityonline.info/entropyreducer-reduce-entropy-and-obfuscate-your-payload/\n\n\u200aPoC Released for Linux Kernel Privilege Escalation (CVE-2023-32233) Vulnerability\n\nhttps://securityonline.info/poc-released-for-linux-kernel-privilege-escalation-cve-2023-32233-vulnerability/\n\n\u200aMultiple Vulnerabilities Uncovered in Kiddoware Kids Place Parental Control Android App\n\nhttps://securityonline.info/multiple-vulnerabilities-uncovered-in-kiddoware-kids-place-parental-control-android-app/\n\n\u200aHow the A-GPS in your smartphone works, and whether Qualcomm is tracking you | Kaspersky official blog\n\nhttps://www.kaspersky.com/blog/gps-agps-supl-tracking-protection/48175/\n\n\u200aThe nature of cyberincidents in 2022\n\nhttps://securelist.com/kaspersky-incident-response-report-2022/109680/\n\n\u200aFormer Ubiquiti employee gets 6 years in jail for stealing confidential data and extorting company\n\nhttps://securityaffairs.com/146228/cyber-crime/uiti-employee-sentenced-6-years.html\n\n\u200aIntroducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware\n\nhttps://securityaffairs.com/146241/malware/drm-dashboard-ransomware-monitor-q1-2023.html\n\n\u200aNew RA Group ransomware gang is the latest group using leaked Babuk source code\n\nhttps://securityaffairs.com/146248/cyber-crime/new-ra-group.html\n\n\u200aMicrosoft Security highlights 
from RSA Conference 2023\n\nhttps://www.microsoft.com/en-us/security/blog/2023/05/15/microsoft-security-highlights-from-rsa-conference-2023/\n\n\u200aFerrari Website Flaw Exposes Their Database Credentials\n\nhttps://gbhackers.com/ferrari-website-flaw-exposes-their-database-credentials/\n\n\u200aHackers Adapting New Unique Way to Overcome Microsoft Default Macro Block\n\nhttps://gbhackers.com/microsoft-default-macro-block/\n\n\u200aToyota Data Breach \u2013 Over 2 Million Customers Data Exposed\n\nhttps://gbhackers.com/toyota-data-breach/\n\n\u200aWhatsApp \u2013 Now you Can Lock & Hide Chats with a Password\n\nhttps://gbhackers.com/whatsapp-chat-lock/\n\n\nhttps://t.me/dilagrafie", "creation_timestamp": "2023-05-16T11:19:44.000000Z"}, {"uuid": "3cfff6c0-b829-4a3c-acf7-0c36fa70b07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32314", "type": "seen", "source": "https://t.me/cibsecurity/64174", "content": "\u203c CVE-2023-32314 \u203c\n\nvm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T00:29:53.000000Z"}]}