Miggo Logo
Miggo Vulnerability Database
CVE-2022-25893

CVE-2022-25893: vm2 vulnerable to Arbitrary Code Execution

9.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2022-25893
GHSA ID
GHSA-4w2j-2rg4-5mjw
EPSS Score
0.32839%
CWE
CWE-94
Published
12/21/2022
Updated
1/30/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
vm2npm< 3.9.103.9.10

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from using WeakMap.prototype.set without proper sandbox protection in the Error stack trace handling mechanism. The commit diff shows the fix changed from using prototype methods (wrappedPrepareStackTrace.set) to direct WeakMap method calls via localReflectApply with a preserved localWeakMapSet reference. This indicates the original prototype-based access was vulnerable to manipulation from within the sandbox, as demonstrated in the PoC that overrides WeakMap.prototype.set to compromise the sandbox.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** p**k*** vm* ***or* *.*.** is vuln*r**l* to *r*itr*ry *o** *x**ution *u* to t** us*** o* prototyp* lookup *or t** W**kM*p.prototyp*.s*t m*t*o*. *xploitin* t*is vuln*r**ility l***s to ****ss to * *ost o*j**t *n* * s*n**ox *ompromis*.

Reasoning

T** vuln*r**ility st*mm** *rom usin* `W**kM*p.prototyp*.s*t` wit*out prop*r s*n**ox prot**tion in t** *rror st**k tr*** **n*lin* m****nism. T** *ommit *i** s*ows t** *ix ***n*** *rom usin* prototyp* m*t*o*s (`wr*pp**Pr*p*r*St**kTr***.s*t`) to *ir**t