GHSA-g6w6-h933-4rc5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g6w6-h933-4rc5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-g6w6-h933-4rc5/GHSA-g6w6-h933-4rc5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g6w6-h933-4rc5
- Published
- 2023-08-03T19:44:52Z
- Modified
- 2023-08-03T19:44:52Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Soketi was exposed to Sandbox Escape vulnerability via vm2
- Details
-
Impact
What kind of vulnerability is it? Who is impacted? Anyone who might have used Soketi with the
clusterdriver (or through PM2).Patches
Has the problem been patched? What versions should users upgrade to? Get the latest version of Soketi.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading? None. It's advised to upgrade to the latest version.
References
Are there any links users can visit to find out more? - https://github.com/advisories/GHSA-cchq-frgv-rjh5 - https://github.com/patriksimek/vm2/issues/533 - https://github.com/Unitech/pm2/issues/5643
- Database specific
{ "github_reviewed_at": "2023-08-03T19:44:52Z", "cwe_ids": [], "nvd_published_at": null, "severity": "CRITICAL", "github_reviewed": true }- References
-
- https://github.com/soketi/soketi/security/advisories/GHSA-g6w6-h933-4rc5
- https://github.com/Unitech/pm2/issues/5643
- https://github.com/patriksimek/vm2/issues/533
- https://github.com/soketi/soketi/pull/927
- https://github.com/soketi/soketi/commit/de12bff706c0d62e6a57dc1c7be3c4f014d0093a
- https://github.com/advisories/GHSA-cchq-frgv-rjh5
- https://github.com/soketi/soketi
- https://github.com/soketi/soketi/releases/tag/1.6.0
Affected packages
npm / @soketi/soketi
Package
- Name
- @soketi/soketi
- View open source insights on deps.dev
- Purl
- pkg:npm/%40soketi/soketi