Exploit available for critical bug in VM2 JavaScript sandbox library

Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment.

The library is designed to run untrusted code in an isolated context on Node.js servers. It allows partial execution of the code and prevents unauthorized access to system resources or to external data.

VM2 has more than 16 million monthly downloads via the NPM package repository and it is used by integrated development environments (IDEs) and code editors, function-as-a-service (FaaS) solutions, pen-testing frameworks, security tools, and various JavaScript-related products.

Maximum severity level

Tracked as , the recently fixed vulnerability received the maximum severity score of 10.0. It was discovered by the research team at Korea Advanced Institute of Science and Technology (KAIST).

The researchers found that the VM2 library handled improperly the host objects passed to the ‘Error.prepareStackTrace’ function when an asynchronous error occurs.

Exploiting the security issue can lead to bypassing sandbox protections and gaining remote code execution on the host.

“A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox,” reads the .

The issue impacts all versions of VM2 from 3.9.14 and older. The with the release of a new version of the library, 3.9.15. There is no workaround available.

Exploit code available

After the release of the new VM2 version that addresses critical vulnerability, KAIST Ph.D student Seongil Wi published on GitHub in a secret repository two variations of the for CVE-2023-29017.

The PoCs, in their published form, simply create a new file named ‘flag’ on the host system, proving that VM2’s sandbox protections can be bypassed, allowing the execution of commands to create arbitrary files on the host system.

In October 2022, VM2 suffered from another critical flaw, , which also enabled attackers to escape the sandbox environment and run commands on the host system. That issue was also fixed swiftly with the release of a new version of the library.