Node.js v3.11.4 NodeVM Sandbox Escape Vulnerabilities Security Bulletin

Vulnerability Overview Node.js v3.11.4 has been released, containing multiple security fixes. The primary vulnerabilities addressed are: 1. Bridge Set Trap Ignoring ECMA-262 9.9.5.9 Receiver: Allows write-leakage to host objects via and (write-channel - RCE). 2. Cross-Realm Symbol for Namespace Leak: Missing dangerous symbol guards in the bridge trap allow to enable sandbox-installed stream branding/network hooks on host objects (RCE). 3. Host Prototype Mutation via Function.prototype: Indirect setting via setters through and , breaking the host's intrinsic prototype chain and escaping via prototype chain vulnerabilities (RCE). 4. Defense Invariant Violation in defaultSandboxPrepareStackTrace: A second variant in another file, where overrides can observe bridge internal stack trace states. 5. Promise Species Hijack in localPromise's Swallow-tail: Hijacking downstream subclass constructors to capture V8 internal (resolve, reject) capabilities and raw host-real errors - host Function (RCE). 6. NodeVM Constructor Patch Bypasses of GHSA-8bg8-63c5-gwmc: Any nesting with results in . 7. WebAssembly JSP (WebAssembly.promising / WebAssembly.Suspending): Node 24+ behind flags, Node 26+ (default) uses Promise objects with host-real chains without bridge interpolation; species hijack delivers raw host-real rejection to sandbox . 8. NodeVM Builtin Denylist Bypass via process (whoGetBuiltinModule(name)): Reloading any core module, regardless of configuration, and using to evaluate attacker JS in the host-real context. Exceeds GHSA-947i-4y7t-xv6. 9. NodeVM Builtin [::] Wildcard Exposing Node's Undocumented Underscored Network Builtins: , , , expose SSRF-like capability bypasses even when exclusions are in use (CVSS 8.6). 10. NodeVM builtin allowlist Surfacing Four Process-Wide Observability Builtins: , , , read the entire host process state rather than sandbox-local state - leading to HTTP header/async context/performance mark/heap snapshot leakage. Scope of Impact Node.js v3.11.4 version NodeVM constructor WebAssembly related features Promise objects Bridge related features Inspector and Promises NodeVM Builtin Denylist NodeVM Builtin Wildcard Process-Wide Observability Builtins Remediation Bridge Set Trap Ignoring ECMA-262 9.9.5.9 Receiver: Fixes the bridge trap to prevent write-leakage to host objects via and . Cross-Realm Symbol for Namespace Leak: Adds dangerous symbol guards to prevent from enabling sandbox-installed stream branding/network hooks on host objects. Host Prototype Mutation via Function.prototype: Fixes and indirect setting via setters, preventing the breaking of the host's intrinsic prototype chain and escape via prototype chain vulnerabilities. Defense Invariant Violation in defaultSandboxPrepareStackTrace: Fixes overrides to prevent observation of bridge internal stack trace states. Promise Species Hijack in localPromise's Swallow-tail: Fixes downstream subclass constructors to prevent hijacking of V8 internal (resolve, reject) capabilities and raw host-real errors. NodeVM Constructor Patch Bypasses of GHSA-8bg8-63c5-gwmc: Fixes . WebAssembly JSP (WebAssembly.promising / WebAssembly.Suspending): Fixes Promise objects with host-real chains without bridge interpolation to prevent species hijack from delivering raw host-real rejection to the sandbox. NodeVM Builtin Denylist Bypass via process (whoGetBuiltinModule(name)): Fixes the reloading of any core module regardless of configuration and the use of to evaluate attacker JS in the host-real context. NodeVM Builtin Wildcard Exposing Node's Undocumented Underscored Network Builtins: Fixes the exposure of , , , and SSRF-like capability bypasses even when exclusions are in use. NodeVM builtin allowlist Surfacing Four Process-Wide Observability Builtins: Fixes , , , from reading the entire host process state instead of sandbox-local state. POC Code No specific POC code was provided in the page.

Goal Reached Thanks to every supporter — we hit 100%!

Node.js v3.11.4 NodeVM Sandbox Escape Vulnerabilities Security Bulletin

More from this source