CVE-2023-51661

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-51661

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-51661.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-51661

Aliases

GHSA-4mq4-7rw3-vm5j

Published

2023-12-22T14:54:23Z

Modified

2025-10-22T18:40:18.642654Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Filesystem sandbox not enforced in wasmer-cli

Details

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This vulnerability has been patched in version 4.2.4.

Database specific

{
    "cwe_ids": [
        "CWE-284"
    ]
}

References

Affected packages

Git / github.com/wasmerio/wasmer

Affected ranges

Type: GIT
Repo: https://github.com/wasmerio/wasmer
Events: Introduced

3a105194470a955ba663509fc8dae60d3085717c

Fixed

4d63febf9d8b257b0531963b85df48d45d0dbf3c

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.1.0

v3.2.0

v3.2.0-alpha.1

v3.2.0-beta.1

v3.2.0-beta.2

v3.2.1

v3.3.0

v4.*

v4.0.0

v4.0.0-alpha.1

v4.0.0-beta.1

v4.0.0-beta.2

v4.0.0-beta.3

v4.1.0

v4.1.1

v4.1.2

v4.2.0

v4.2.1

v4.2.2

v4.2.3

Other

vmini-release-headless