8.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-51661

GHSA ID

GHSA-4mq4-7rw3-vm5j

EPSS Score

0.50317%

CWE

CWE-284

Published

12/13/2023

Updated

1/3/2024

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-51661

CVE-2023-51661: Wasmer filesystem sandbox not enforced

Summary

As of Wasmer version v4.2.3, Wasm programs can access the filesystem outside of the sandbox.

Details

https://github.com/wasmerio/wasmer/issues/4267

PoC

A minimal Rust program:

fn main() {
    let f = std::fs::OpenOptions::new()
        .write(true)
        .create_new(true)
        .open("abc")
        .unwrap();
}

This should be compiled with cargo build --target wasm32-wasi. The compiled program, when run with wasmer WITHOUT --dir, can still create a file in the working directory.

Impact

Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem.

(GitHub Advisory)

8.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-51661

GHSA ID

GHSA-4mq4-7rw3-vm5j

EPSS Score

0.50317%

CWE

CWE-284

Published

12/13/2023

Updated

1/3/2024

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
wasmer-cli	rust	>= 3.0.0, < 4.2.4	4.2.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper filesystem sandboxing in WASI directory mapping. The key functions are in the Wasi command handler where:

The prepare() method set up environment without properly restricting default directory access
build_mapped_directories() handled path mapping logic but previously allowed:
- Implicit current directory mapping to host FS
- Absolute path validation issues
- Duplicate directory mapping checks These functions were modified in the patched commit to add proper sandbox enforcement through the MAPPED_CURRENT_DIR_DEFAULT_PATH constant and strict path validation, indicating they were the source of the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Summ*ry *s o* W*sm*r v*rsion v*.*.*, W*sm pro*r*ms **n ****ss t** *il*syst*m outsi** o* t** s*n**ox. ### **t*ils *ttps://*it*u*.*om/w*sm*rio/w*sm*r/issu*s/**** ### Po* * minim*l Rust pro*r*m: ``` *n m*in() { l*t * = st*::*s::Op*nOptions::n

Reasoning

T** vuln*r**ility st*mm** *rom improp*r *il*syst*m s*n**oxin* in W*SI *ir**tory m*ppin*. T** k*y *un*tions *r* in t** W*si *omm*n* **n*l*r w**r*: *. T** pr*p*r*() m*t*o* s*t up *nvironm*nt wit*out prop*rly r*stri*tin* ****ult *ir**tory ****ss *. *uil

8.4

Basic Information

Concerned about an active attack path?

CVE-2023-51661: Wasmer filesystem sandbox not enforced

Summary

Details

PoC

Impact

8.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI