9.8

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-g6w6-h933-4rc5

EPSS Score

CWE

Published

8/3/2023

Updated

8/3/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-g6w6-h933-4rc5

GHSA-g6w6-h933-4rc5: Soketi was exposed to Sandbox Escape vulnerability via vm2

Impact

What kind of vulnerability is it? Who is impacted? Anyone who might have used Soketi with the cluster driver (or through PM2).

Patches

Has the problem been patched? What versions should users upgrade to? Get the latest version of Soketi.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading? None. It's advised to upgrade to the latest version.

References

Are there any links users can visit to find out more?

https://github.com/advisories/GHSA-cchq-frgv-rjh5
https://github.com/patriksimek/vm2/issues/533
https://github.com/Unitech/pm2/issues/5643

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-g6w6-h933-4rc5

EPSS Score

CWE

Published

8/3/2023

Updated

8/3/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@soketi/soketi	npm	< 1.6.0	1.6.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from Soketi's dependency on @pm2/agent, which previously used the deprecated vm2 library. The commit de12bff shows Soketi upgraded @pm2/agent to v2.0.3 to address this. vm2's critical sandbox escape (CVE-2023-37466) allowed RCE via Promise handler exploitation. The primary vulnerable functions are vm2's VM.run and NodeVM.run, which handle sandboxed code execution. These functions were indirectly exposed through PM2's cluster driver integration in Soketi. The confidence is high because the vulnerability is well-documented in vm2's CVE and the mitigation path (removing vm2 via @pm2/agent update) matches the commit.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t _W**t kin* o* vuln*r**ility is it? W*o is imp**t**?_ *nyon* w*o mi**t **v* us** Sok*ti wit* t** `*lust*r` *riv*r (or t*rou** PM*). ### P*t***s _**s t** pro*l*m ***n p*t****? W**t v*rsions s*oul* us*rs up*r*** to?_ **t t** l*t*st v*rsion o

Reasoning

T** vuln*r**ility st*ms *rom Sok*ti's **p*n**n*y on @pm*/***nt, w*i** pr*viously us** t** **pr***t** `vm*` li*r*ry. T** *ommit `*******` s*ows Sok*ti up*r**** @pm*/***nt to v*.*.* to ***r*ss t*is. `vm*`'s *riti**l s*n**ox *s**p* (*V*-****-*****) *llo

9.8

Basic Information

Concerned about an active attack path?

GHSA-g6w6-h933-4rc5: Soketi was exposed to Sandbox Escape vulnerability via vm2

Impact

Patches

Workarounds

References

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI