Home > Vulnerability Database > WS-2019-0284

Mend.io Vulnerability Database

WS-2019-0284

Good to know:

Date: September 19, 2019

Realms-shim before 1.2.0 is vulnerable to a Sandbox Breakout. The package's core evaluator, which must switch between "unsafe mode" and "safe mode" for each call, could be left in "unsafe mode" if an attacker is able to force a RangeError in a specific timeframe. This would allow the attacker to escape the sandbox and run arbitrary code.

Language: JS

Severity Score

7.5

Related Resources (3)

Url: https://github.com/Agoric/realms-shim/security/advisories/GHSA-6jg8-7333-554w

Url: https://github.com/Agoric/realms-shim/commit/6ea0b16bfbed81f82f430467bc3c63e769fb8988

Url: https://www.mend.io/vulnerability-database/WS-2019-0284

Severity Score

7.5

Weakness Type (CWE)

Code

CWE-17

Top Fix

Upgrade Version

Upgrade to version 1.2.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2019-0284

Good to know:

Date: September 19, 2019

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?