Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2023-30547 PoC — Sandbox Escape in vm2

Source
https://github.com/rvizx/CVE-2023-30547
Associated Vulnerability
Title:Sandbox Escape in vm2 (CVE-2023-30547)
Description:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade.
Description
PoC Exploit  for VM2 Sandbox Escape Vulnerability
Readme
## CVE-2023-30547
PoC Exploit for VM2 Sandbox Escape Vulnerability

![alt img](https://rvizx.github.io/CVE-2023-30547.png?raw=true)

### Description
vm2 < 3.9.17 is vulnerable to arbitrary code execution due to a flaw in exception sanitization. Attackers can exploit this by triggering an unsanitized host exception within `handleException()`, enabling them to escape the sandbox and run arbitrary code in the host context.

## VM2-Exploit
⚠️ Consider using the "**[VM2-Exploit](https://github.com/rvizx/VM2-Exploit)**" tool, which can be used to exploit **all versions** of VM2, and it's easy to use.

### Indenfity whether the target is vulnerable

run this on the sandbox to find whether the target is vulnerable or not.

```js
const version = require("vm2/package.json").version;

if (version < "3.9.17") {
    console.log("vulnerable!");
} else {
    console.log("not vulnerable");
}
```

## Usage

```
git clone https://github.com/rvizx/CVE-2023-30547
cd CVE-2023-30547
python3 exploit.py
```

or 

```
wget https://raw.githubusercontent.com/rvizx/CVE-2023-30547/main/exploit.py
python3 exploit.py
```

## Credits

### PoC and Analysis
https://gist.github.com/leesh3288/381b230b04936dd4d74aaf90cc8bb244

### Credits
[Xion](https://twitter.com/0x10n) (SeungHyun Lee) of [KAIST Hacking Lab](https://kaist-hacking.github.io/)
File Snapshot

 [4.0K]  /data/pocs/25a250d474b65112037615835c34f9b624c5bcee
├── [2.1K]  exploit.py
└── [1.3K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →